Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade electron-rebuild from 1.10.1 to 3.0.0 #104

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade electron-rebuild from 1.10.1 to 3.0.0 #104

wants to merge 1 commit into from

Conversation

chloe-lam
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: electron-rebuild The new version differs by 250 commits.
  • 72f21bf feat!: 3.0.0 (Add Linux For Everyone to Featured By section GitSquared/edex-ui#799)
  • ceb6ad5 ci: use the Node 16 Docker image for the release job
  • e166132 chore: update deps, require Node 12 (Code GitSquared/edex-ui#784)
  • 60d277e build(deps-dev): bump @ types/node from 16.4.11 to 16.4.12
  • 695655a build(deps): bump yargs from 17.0.1 to 17.1.0
  • f2b982c build(deps): bump tar from 6.1.5 to 6.1.6
  • 5f198d9 build(deps-dev): bump @ types/node from 16.4.10 to 16.4.11
  • 45174ad Merge pull request Hu GitSquared/edex-ui#792 from electron/dependabot/npm_and_yarn/tar-6.1.5
  • b10f9ef build(deps): bump tar from 6.1.4 to 6.1.5
  • 00a4da7 build(deps): bump tar from 6.1.3 to 6.1.4
  • 3468d48 build(deps-dev): bump @ typescript-eslint/parser from 4.28.5 to 4.29.0
  • 9906fcb build(deps-dev): bump @ typescript-eslint/eslint-plugin
  • a100d50 build(deps): bump tar from 6.1.2 to 6.1.3
  • 991f2a5 build(deps-dev): bump @ types/node from 16.4.7 to 16.4.10
  • d883702 build(deps-dev): bump eslint from 7.31.0 to 7.32.0
  • 97f03ad build(deps-dev): bump @ types/node from 16.4.6 to 16.4.7
  • 19147cc build(deps-dev): bump @ types/node from 16.4.4 to 16.4.6
  • a028f8d build(deps-dev): bump @ types/node from 16.4.3 to 16.4.4
  • 6e500a2 build(deps-dev): bump @ typescript-eslint/parser from 4.28.4 to 4.28.5
  • dfc79cd build(deps-dev): bump @ typescript-eslint/eslint-plugin
  • 5a4c46a build(deps): bump tar from 6.1.1 to 6.1.2
  • b430f90 build(deps-dev): bump @ types/node from 16.4.1 to 16.4.3
  • f9498ec build(deps-dev): bump mocha from 9.0.2 to 9.0.3
  • 65b6c58 build(deps-dev): bump @ types/debug from 4.1.6 to 4.1.7

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chloe-lam @snyk-bot