Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade electron-rebuild from 1.11.0 to 2.0.3 #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade electron-rebuild from 1.11.0 to 2.0.3 #1

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

✨ Snyk has automatically assigned this pull request, set who gets assigned.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 758/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-Y18N-1021887		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: electron-rebuild The new version differs by 33 commits.
  • 89c013b fix: run node-gyp rebuild correctly (#409)
  • fda43db build: emit ES2018 (Node 10) JS from tsc
  • 6ec64c0 chore: limit module files to lib
  • 17d18bc build(deps): bump yargs from 15.4.1 to 16.0.0
  • e2fa3b4 build(deps-dev): bump @typescript-eslint/eslint-plugin
  • 85cdbc5 build(deps-dev): bump @typescript-eslint/parser from 4.0.1 to 4.1.0
  • 9b524c8 build(deps): upgrade ora to ^5.1.0
  • 9d166a8 fix: use node-gyp as a module instead of shelling out (#400)
  • d9d099a build(deps-dev): bump @types/node from 14.6.2 to 14.6.4
  • 49b0c59 build(deps-dev): bump @typescript-eslint/{eslint-plugin,parser} from 3.10.1 to ^4.0.1 (#396)
  • 87bcc1a build(deps-dev): bump electron from 10.1.0 to 10.1.1
  • 5d770c9 build(deps-dev): bump eslint from 7.7.0 to 7.8.1
  • ac4165f build: add support for code coverage & uploading to codecov (#399)
  • f217671 build(deps-dev): bump @types/node from 14.6.1 to 14.6.2
  • f872b49 build(deps-dev): bump mocha from 8.1.2 to 8.1.3
  • f567a2d build(deps-dev): bump electron from 10.0.1 to 10.1.0
  • 106d9ae build(deps-dev): bump @types/node from 14.6.0 to 14.6.1
  • 04d27cb build(deps-dev): bump @typescript-eslint/parser from 3.10.0 to 3.10.1
  • 9f7c005 build(deps-dev): bump electron from 10.0.0 to 10.0.1
  • 77f3099 build(deps-dev): bump @typescript-eslint/eslint-plugin
  • 72bdf5b build(deps-dev): bump mocha from 8.1.1 to 8.1.2
  • 108762b build: test/CI enhancements (#386)
  • 2e19f76 fix: node-gyp requires Node 10.12
  • eef71ea build(deps-dev): upgrade @typescript-eslint/{eslint-plugin,parser} to ^3.10.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
7a48dcf 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot