From 1378ca6465944514823abf2761c245d4ff577cd3 Mon Sep 17 00:00:00 2001
From: Rich Trott
Date: Thu, 12 Jul 2018 08:13:55 -0700
Subject: [PATCH] update rgb2hex (#379)

rgb2hex is subject to a RegExp-based Denial of Service vulnerability in versions prior to 0.1.6. Update package-lock.json so `npm ci` and friends install a safe version.

No idea if electron is vulnerable to anything remotely resembling a realistic attack based on this deep dependency, but why bother looking into it when you can just update and move on with life?

Refs: https://snyk.io/vuln/npm:rgb2hex:20180429
---
 package-lock.json | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 415efa7f..e5f8ffc9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4299,10 +4299,9 @@
 "dev": true
 },
 "rgb2hex": {
-    "version": "0.1.0",
-    "resolved": "https://registry.npmjs.org/rgb2hex/-/rgb2hex-0.1.0.tgz",
-    "integrity": "sha1-zNVfhgrgxcTqN1BLlY5ELY0SMls=",
-    "dev": true
+    "version": "0.1.8",
+    "resolved": "https://registry.npmjs.org/rgb2hex/-/rgb2hex-0.1.8.tgz",
+    "integrity": "sha512-kPH3Zm3UrBIfJv17AtJJGLRxak+Hvvz6SnsTBIajqB2Zbh+A4EEjkMWKkmGhms0cJlzOOjZcu1LX5K3vnON7ug=="
 },
 "rimraf": {
 "version": "2.6.2",