
Update airplay-protocol dependency #1

Closed
wants to merge 1 commit into from

Conversation

hicom150
Collaborator

@hicom150 hicom150 commented Sep 8, 2019

What is the purpose of this pull request? (put an "X" next to item)

[ ] Documentation update
[ ] Bug fix
[ ] New feature
[x] Other, please explain:

Dependency update to fix security vulnerabilities

What changes did you make? (Give an overview)

Update the airplay-protocol dependency to point to master, as in that branch the vulnerabilities are already fixed.

Is there anything you'd like reviewers to focus on?

No

@Borewit
Member

Borewit commented Sep 8, 2019

@hicom150 Are you sure you want to merge into master?

We could create a branch from which we release, and reserve master for changes from the upstream repo. Although the desired situation is that they include your PRs directly, of course.

@Borewit
Member

Borewit commented Sep 8, 2019

I merged your changes to https://github.com/webtorrent/airplayer/tree/fix-security

So they are in. For us, fix-security is the main branch.

@Borewit Borewit closed this Sep 8, 2019
@hicom150
Collaborator Author

hicom150 commented Sep 8, 2019

Yes you are totally right 👍

@Borewit
Member

Borewit commented Sep 8, 2019

If changes are made to the package for releasing an interim package, it is best to keep those on another branch as well. This way we have:

  1. master branch, reserved for changes from the upstream watson/airplayer master
  2. fix-security branch, which holds the fix, which is suitable to PR back to the upstream project
  3. release branch, used to adjust package settings for the interim release. The last branch we do not want to mix up with fixes we potentially send back.

@Borewit
Member

Borewit commented Sep 8, 2019

So you could indeed release it with a GitHub dependency, airplayer@github:fix-security, or release a fixed npm package with a different scoped package name using the release branch.

@Borewit
Member

Borewit commented Sep 8, 2019

Yarn would have been able to fix these issues, by the way; it can override indirect dependencies.
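As an added illustration of the two remediation routes discussed in this thread (not part of the PR or the airplayer project), the package.json below consumes airplayer from the fix-security branch as a GitHub dependency and, for a Yarn-based project, uses a `resolutions` entry to force the transitive airplay-protocol dependency onto a patched revision. The airplay-protocol repository owner and commit are not given on this page and appear as placeholders; pinning to a commit SHA rather than a branch name is preferred, because a branch can move after the fix is reviewed.

```json
{
  "name": "example-consumer",
  "private": true,
  "dependencies": {
    "airplayer": "github:webtorrent/airplayer#fix-security"
  },
  "resolutions": {
    "**/airplay-protocol": "github:<OWNER>/airplay-protocol#<PATCHED_COMMIT_SHA>"
  }
}
```

After installing, check the lockfile to confirm that only the pinned airplay-protocol revision is present, and re-run the audit to confirm the advisory no longer matches.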
