chore(deps): update dependency react-player to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
react-player	2.16.1 -> 3.4.0

---

Release Notes

cookpete/react-player (react-player)

v3.4.0

Compare Source

• fix: Improve accessibility and code quality #1985
• feat: Add disableRemotePlayback prop #2004
• fix: upgrade player deps a68f29d

v3.3.3

Compare Source

• fix: upgrade deps + fix hls config bug #1977

v3.3.2

Compare Source

25 August 2025

• fix: prevent React warnings for unknown event handler properties #1970
• docs: the demo source in README.md #1979
• Fix: Add share URLs to TikTok pattern matching #1973
• MIGRATING.md: Fix broken link to demo app #1969
• chore(release): 3.3.2 a9d43f1

v3.3.1

Compare Source

16 July 2025

• fix: merge circular dependency #1964
• chore(release): 3.3.1 26001ec

v3.3.0

Compare Source

16 July 2025

• feat: add tiktok support #1961
• feat: add tiktok support (#​1961) #1193
• chore(release): 3.3.0 6c3a830

v3.2.1

Compare Source

15 July 2025

• fix: muted prop bug #1959
• fix: muted prop bug (#​1959) #1957
• chore(release): 3.2.1 d72301f

v3.2.0

Compare Source

11 July 2025

• feat: add Spotify and Twitch support #1956
• chore(release): 3.2.0 d650eaa

v3.1.0

Compare Source

2 July 2025

• docs: Add a Youtube playlist example #1946
• feat: add YT playlist support #1947
• chore(release): 3.1.0 a315b5f

v3.0.0

Compare Source

27 June 2025

• docs: add custom player controls section & example #1942
• chore(release): 3.0.0 ddd6303

v3.0.0-beta.4

26 June 2025

• fix: upgrade media element dependencies #1941
• chore(release): 3.0.0-beta.4 6fa7049

v3.0.0-beta.3

19 May 2025

• fix: prevent infinite recursion in deepmerge by extracting children prop #1933
• chore(release): 3.0.0-beta.3 d2f7578

v3.0.0-beta.2

8 May 2025

• fix: playing prop bug #1932
• chore(release): 3.0.0-beta.2 aba61fa

v3.0.0-beta.1

8 May 2025

• fix: upgrade media elements #1929
• fix: add slot and other media attrs #1931
• chore(release): 3.0.0-beta.1 af90316
• fix: support React 19 a26d253
• docs: fix formatting issues 8545cb3

v3.0.0-beta.0

8 May 2025

• feat!: v3 refactor #1886
• chore: Small readme update #1884
• chore(release): 3.0.0-beta.0 693caed
• docs: fix src instead of url prop b0084f7

v2.16.1

10 July 2025

• chore(release): 2.16.1 71efe92
• fix: Mixcloud URL (#​1953) 47a8c49

v2.16.0

9 April 2024

• feat: add Mux + hls.js support back in #1769
• chore(release): 2.16.0 795b196

v2.15.1

2 March 2024

• fix: dynamic Mux import #1758
• docs: fix demo URL #1752
• docs: readme updates, next-video callout #1751
• fix: dynamic Mux import (#​1758) #1755
• chore(release): 2.15.1 4d7fcb5

v2.15.0

28 February 2024

• chore(cd): remove --changelog b/c auto-changelog #1750
• feat: add Mux player #1748
• chore(github-pages): add demo preview #1747
• chore: remove unneeded config files #1744
• Add aria-label to Preview component #1705
• Add Deno-specific browser check #1632
• docs: fix badges #1735
• chore(release): 2.15.0 6dfff1c

v2.14.1

19 December 2023

• fix: cjs interop require default pita #1722
• docs(CHANGELOG): 2.14.1 921b0e0
• chore(release): 2.14.1 8ca9747
• chore: npm ignore unneeded folders 678f466

v2.14.0

14 December 2023

• fix: repo url #1709
• fix: pkg repository.url #1708
• chore: add CD workflow #1706
• chore: use Node matrix with 16.x, 18.x, 20.x #1688
• docs: update demo App.js link #1689
• fix: modernize build using esbuild #1684
• docs(CHANGELOG): 2.14.0 e018c42
• chore(release): 2.14.0 1496f67

v2.13.0

5 September 2023

• Fix #​1604 - FilePlayer does not work if I passed an array of urls #1612
• fix: src sttribute become "undefinded" if url is an array #1648
• Adding keepPlaying to other player types #1639
• CI #1654
• Swap out broken youtube URL #1659
• Add keepPlaying to seekTo #1620
• Added forceDisableHls option for FilePlayer #1625
• added onPlaybackQualityChange prop #1636
• Update the list of supported YouTube domains #1599
• Fix #​1604 - FilePlayer does not work if I passed an array of urls (#​1612) #1604
• Support Wisita URLs with query params #1591
• Support vimeo manage links #1593
• Update readme 90237f5

v2.12.0

7 March 2023

• Added Vimeo Muteability #1588
• Add forceSafariHLS option for FilePlayer #1560
• fix: standalone has side effects #1586
• Update DASH example #1589
• Support live youtube URLs #1580

v2.11.2

10 February 2023

• Remove module property from package.json #1574

v2.11.1

8 February 2023

• Update light prop usage re: new feature in PR#1405 #1510
• Extending valid DailyMotion URL regex Fix #​1430 #1516
• Add "sideEffects": false to package.json #1524
• responsive CSS fix #1533
• add unbundled es6 build with jsx file extensions #1537
• Replace Vimeo default preview thumbnail #1553
• fix typo #1558
• fix: empty src attr in StrictMode #1538
• Extending valid DailyMotion URL regex Fix #​1430 (#​1516) #1430

v2.11.0

17 September 2022

• Add event playbackratechange on vimeo player #1502
• feat: allow auto play on mixcloud player #1467
• Fix onProgress not firing in Strict Mode #1465
• Generate a file dist/ReactPlayer.standalone-module.js ES6 module #1425
• ability to pass a component in light prop #1405
• (fix): clear video src to prevent old video from continue to load #1360
• apply interface onProgressProps at base.d.ts #1342
• Do not pass wrapper ref to custom wrappers #1476
• Update readme e955a2c
• Update browserslist dc68dba
• Remove patreon supporter 4e5d334

v2.10.1

7 May 2022

• don't stack event listeners #1186
• Add flvjs error handling, pass it to props onError method. #1426
• Allow parameters after entry_id on kaltura #1432
• adds support for youtube short urls #1438
• Prevent double load bug in strict mode #1439 #1450
• Use allow rather than allowFullScreen #1444
• yarn audit fix 9ad5f38
• Fix Player tests 30314c7
• Remove email from package.json 646e62e

v2.10.0

18 March 2022

• Added .m4b extension to AUDIO_EXTENSIONS #1415
• Adjust listener for kaltura #1226
• update default HLS version to latest release #1402
• Make pre-publish.js ES5 compatible #1393
• fix: Add exception handling when seekTo is called with amount value 0 #1372
• Add onSeek support to Twitch player #1354
• Add attributes in FacebookConfig type #1351
• handle setPlaybackRate error #1223
• Add onPlaybackRateChange callback prop #1224
• Ability to pass null to previewTabIndex #1256
• Add media attribute to source tag in file player #1269
• fix: don't defer MediaStream #1230
• add title attribute to vimeo iframe #1229
• Add oEmbedUrl as changeable prop #1333
• update video extenstions to accept media fragments for time #1213
• Add type for wrapper in base.d.ts #1234
• Make facebook config type properties optional #1314
• Add disableDeferredLoading prop #1396
• Support new vimeo external link format #1399
• Tweak Vidyard pattern #1373
• Adjust listener for kaltura (#​1226) #1202
• Update caniuse-lite 9f6adcd
• Fix kaltura test 0f512c2

v2.9.0

17 February 2021

• Adds previewTabIndex property to light mode #1169
• Update YouTube URL pattern (#​1170) #1171
• Support Kaltura's HTML5 player #1082
• Fix suspense check for nextjs #1165
• Add kaltura player types b1e1053

v2.8.2

26 January 2021

• fix: ensure lazy typedefs mirror defaults #1153
• fix: nullify srcObject instead of calling removeAttribute #1145
• updated basic types with fallback #1144
• Update wistia url pattern #1149
• fix: ensure lazy typedefs mirror defaults (#​1153) #1146

v2.8.1

20 January 2021

• fix: remove srcObject attribute if next uri is not a MediaStream #1121
• Add onClickPreview #1131
• Added types for single players #953
• yarn upgrade 0c7dd4a
• Fix clean script 9a448b1

v2.8.0

20 January 2021

• added soundcloud playlist preview button for demo page so developers can know it also supports sc playlists #1113
• Add missing FLV props to TS defs #1122
• FEAT: customize fallback through props for lazy loading #1133
• Add onClickPreview #1131
• Added types for single players #953
• Add custom control support to Wistia #1125
• Fix facebook muted logic #1127
• yarn upgrade b21c908

v2.7.2

16 December 2020

• fix: add playIcon prop to TS declaration #1084

v2.7.1

16 December 2020

• Improve youtube playlist regex #1088

v2.7.0

16 November 2020

• Parse start time from twitch url #1046
• Add explicit comment to set muted to true for autoplay #1036
• Updates the default version of dash.js, hls.js #1056
• Fix canPlayFile to support blob uri, fix #​1023 #1041
• Update CONTRIBUTING.md #1017
• Use hls.js manifest parsed event for onReady #1066
• Add config.facebook.attributes #1071
• Prevent errors when updating without a player #1052 #1074
• Add support for youtube live channel urls #1033
• Fix canPlayFile to support blob uri, fix #​1023 (#​1041) #1023
• Add console warning when using youtube embedOptions.events #1016
• Add support for fb.watch URLs #1061
• Run yarn-audit-fix 0c1bfd1
• Fix tests 8e8c107
• Adjust blob util f9c5429

v2.6.2

8 September 2020

• Add twitch config interface #996
• Fix iPad Pro detection #1005 #1004

v2.6.1

21 August 2020

• Fixes youtube player playsinline variable type #989
• Add descriptive text to Controls section #982
• added missing type for 'getSecondsLoaded' #977
• Fix single player import logic #993
• Remove gitads banner cea0c38
• Tweak vimeo controls readme wording c05cf93
• Tweak gitads copy e252438

v2.6.0

23 July 2020

• Make force disabling PIP dependent on prop #964
• vimeo: listen for bufferring events and handle with matching callbacks #975
• Call onLoaded when file streaming SDKs have loaded #976
• yarn upgrade 05ae217
• Add gitads banner to readme 6840e35

v2.5.0

3 July 2020

• Add support for FLV files #958
• Fix single player imports on IE11 #954

v2.4.0

28 June 2020

• Hide wistia controls with controls prop #937
• Add Cloudflare Stream support to file player #944
• Fix sample files #948

v2.3.1

13 June 2020

• dash deprecated method fix for different versions. #933
• wistia config types updated #931
• Tweak .npmignore 2204c7e

v2.3.0

11 June 2020

• Add Wistia player id to support multiple players #905
• Copy typings into lazy dir before publish #918
• Add basic caching of preview thumbnails #927
• Fix SDK fetching when exports exists in global scope #921
• Bump packages b92031a
• Remove bower info from readme c66a1c7
• Fix wistia tests 85af252

v2.2.0

7 June 2020

• Move lazy loading players to react-player/lazy #912 #907 #865 #910 #902
• Support array of youtube urls #906
• The return of single player imports 45635ef
• Move canPlay logic into patterns.js 45369bb
• Add preview chunk name 17b28ca

v2.1.1

31 May 2020

• Correct typings for onReady #884
• Add webpackChunkName to dynamic imports #899
• Add patreon info to readme c4c597f

v2.1.0

23 May 2020

• Match YouTube User Uploads #877
• Destroy previous vidyard player before creating new one #894
• Improve light mode a11y #878
• Prevent Soundcloud onPause right before onEnded #879
• Prevent unwanted Vidyard autoplay #887
• Add onUnstarted youtube config option #888
• Reset hls and dash before loading new url #892 #874
• Support youtube-nocookie.com #896 #272 #557
• Fix youtube fragment looping #897
• Prevent dynamic import transforms to fix lazy loading #886
• Fix youtube example playlist fcf4657

v2.0.1

28 April 2020

• Adds the missing default data for the selected player #864
• Only try and disablePIP on unmount if player is ready #849
• Prevent Suspense being rendering during SSR #738 #865
• Match twitch channel pattern case-insensitive #860
• Rename refs to references #868 #866 #867 #861
• Use file player for soundcloud hosted audio files #811

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

[cloudflare-workers-and-pages]

Deploying countr with    Cloudflare Pages

Latest commit:	75670da
Status:	🚫  Build failed.

View logs

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Low adoption: npm @svta/cml-608 Location: Package overview From: pnpm-lock.yaml → npm/@svta/cml-608@1.0.1 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@svta/cml-608@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm @svta/cml-cmcd Location: Package overview From: pnpm-lock.yaml → npm/@svta/cml-cmcd@1.0.1 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@svta/cml-cmcd@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm @svta/cml-cmsd Location: Package overview From: pnpm-lock.yaml → npm/@svta/cml-cmsd@1.0.1 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@svta/cml-cmsd@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm @svta/cml-cta Location: Package overview From: pnpm-lock.yaml → npm/@svta/cml-cta@1.0.1 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@svta/cml-cta@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm @svta/cml-dash Location: Package overview From: pnpm-lock.yaml → npm/@svta/cml-dash@1.0.1 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@svta/cml-dash@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm @svta/cml-id3 Location: Package overview From: pnpm-lock.yaml → npm/@svta/cml-id3@1.0.1 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@svta/cml-id3@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm @svta/cml-request Location: Package overview From: pnpm-lock.yaml → npm/@svta/cml-request@1.0.1 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@svta/cml-request@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm @svta/cml-structured-field-values Location: Package overview From: pnpm-lock.yaml → npm/@svta/cml-structured-field-values@1.0.1 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@svta/cml-structured-field-values@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm @svta/cml-utils Location: Package overview From: pnpm-lock.yaml → npm/@svta/cml-utils@1.0.1 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@svta/cml-utils@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm @svta/cml-xml Location: Package overview From: pnpm-lock.yaml → npm/@svta/cml-xml@1.0.1 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@svta/cml-xml@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report