[MEDIUM] AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post-`603e7bf`

PKSA-fc5p-jrjx-1jy4 CVE-2026-45619 GHSA-c3ch-22rq-xfwr

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub