[Snyk] Upgrade electron-builder from 22.3.2 to 22.14.7 #153

snyk-bot · 2021-12-04T22:15:17Z

Snyk has created this PR to upgrade electron-builder from 22.3.2 to 22.14.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 44 versions ahead of your current version.
The recommended version was released 23 days ago, on 2021-11-11.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-543307	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Use After Free SNYK-JS-ELECTRON-1041745	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
Heap-based Buffer Overflow SNYK-JS-ELECTRON-1021884	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-COPYPROPS-1082870	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Time of Check Time of Use (TOCTOU) npm:chownr:20180731	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Open Redirect SNYK-JS-URLPARSE-1533425	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1910225	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1766967	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1298037	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-MERMAID-1314738	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Injection SNYK-JS-EJS-1049328	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: electron-builder

22.14.7 - 2021-11-11
Bug Fixes
- builder-util: enable proxy handling in NodeHttpExecutor (#6410) (#6286) (#5906) (04a8435)
22.14.6 - 2021-11-09
Pre-release: [email protected]

Bug Fixes
- latest node-gyp with old Electron versions (#6402) (f41d5f3)
- linux: mutually exclusive exec command args (#6384) (5468c18)
- quitAndInstall not working on macOS with autoInstallOnAppQuit=false (#6390) (a5e8073)
- rerunning test-linux to update snapshot for upstream dep that now uses additional depedencies (#6403) (434d388)
22.14.5 - 2021-10-13
[email protected]

Bug Fixes
- SnapStoreOptions required properties (#6327) (#6333) (54ee4e7)
22.14.4 - 2021-10-05
Bug Fixes
- add appCannotBeClosed text for zh_CN (#6287) (10b4727)
- app-builder-lib: macOS packager uses static icon name (#6308) (fce1a1f)
- publish: Bitbucket publish can have username different from owner (#6293) (8ebfc96)
- Update assistedMessages.yml with korean entries (#6309) (e29a6b8)
22.14.3 - 2021-09-25
Bug Fixes
- msi: fix broken shortcut icon when using msi target, adding msi option iconId (#6247) (a9ec90d)
22.14.2 - 2021-09-10
Bug Fixes
- (mac) Fix intel mac upgrade flow when both x64 and arm64 published (#6212) (0c21cd6)
- Add support for nested file extensions (such as .dmg.blockmap) to Keygen publisher (#6234) (369f1fa), closes #6229
Features
- adding Bitbucket publisher and autoupdater (#6228) (a945321)
22.14.1 - 2021-09-09
22.14.0 - 2021-09-08
22.13.1 - 2021-08-27
Bug Fixes
- Adding snapStore to AllPublishOptions for generating Configuration schema (#6193) (7f933d0)
- Support Windows 11 in VMs (#6185) (f6a3053)
22.13.0 - 2021-08-25
Features
- add beforePack hook (#6176) (6f42f64)
- Adding Keygen as an official publisher/updater for electron-builder (#6167) (f45110c)
22.12.1 - 2021-08-22
[email protected] @ next

Bug Fixes
- console log data for electron-updater blockmaps are far too large (#6143) (ae363e5)
- deploy: remove zulip release message (695f89a)
- electron-updater: null object error when MacUpdater logs server port before it is listening (#6149) (ca0e845)
- electron-updater: fix import errors (#6140) (a3f2cd1), closes #6134
- replace deprecated --cache-min option (#6165) (c02ccbb)
- windows: detect node path correctly on windows with cross-spawn (#6069) (#6172) (6c945bd)
- workaround vite replacing process.env in updater (#6160) (a3c72b2)
22.12.0 - 2021-08-09
Bug Fixes
- electron-updater: search 'arm64' in name and url to fix updates from Github private repos (1580ea6)
- electron-updater: small cleanup and add more debug logging for MacUpdater to investigate #6120 (#6122) (ae81dfa)
- electron-updater: use tag name instead of version when resolving GitHub files (#6117) (dcf03a6)
- nsis: should close app when Silent and ONE_CLICK (#6100) (baf640d)
Features
- nsis: allow custom makensis and nsis logging (#6024) (a99a7c8), closes #5119
- portable: Adding support for unique dir on each portable app launch (#6093) (f8e16db), closes #5764 #5382 #4105
22.11.11 - 2021-07-29
22.11.10 - 2021-07-24
22.11.9 - 2021-07-14
22.11.8 - 2021-07-01
22.11.7 - 2021-06-11
22.11.6 - 2021-06-11
22.11.5 - 2021-05-19
22.11.4 - 2021-05-14
22.11.3 - 2021-05-11
22.11.2 - 2021-05-10
22.11.1 - 2021-05-03
22.10.5 - 2021-02-18
22.10.4 - 2020-12-22
22.10.3 - 2020-12-14
22.10.2 - 2020-12-14
22.10.1 - 2020-12-14
22.10.0 - 2020-12-14
22.9.1 - 2020-09-22
22.9.0 - 2020-09-20
22.8.1 - 2020-07-28
22.8.0 - 2020-07-16
22.7.0 - 2020-05-26
22.6.1 - 2020-05-14
22.6.0 - 2020-04-29
22.5.1 - 2020-04-16
22.5.0 - 2020-04-01
22.4.1 - 2020-03-11
22.4.0 - 2020-03-03
22.3.6 - 2020-03-03
22.3.5 - 2020-02-23
22.3.4 - 2020-02-23
22.3.3 - 2020-01-26
22.3.2 - 2020-01-26

from electron-builder GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade electron-builder from 22.3.2 to 22.14.7. See this package in npm: https://www.npmjs.com/package/electron-builder See this project in Snyk: https://app.snyk.io/org/hafixo/project/2b0519aa-4600-406f-b788-49996d3b75c9?utm_source=github&utm_medium=referral&page=upgrade-pr

This was referenced Jan 31, 2022

[Snyk] Fix for 4 vulnerabilities #173

Open

[Snyk] Fix for 12 vulnerabilities #174

Open

[Snyk] Fix for 4 vulnerabilities #176

Open

This was referenced Mar 2, 2022

[Snyk] Fix for 5 vulnerabilities #190

Open

[Snyk] Fix for 12 vulnerabilities #192

Open

[Snyk] Security upgrade follow-redirects from 1.11.0 to 1.14.8 #198

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade electron-builder from 22.3.2 to 22.14.7 #153

[Snyk] Upgrade electron-builder from 22.3.2 to 22.14.7 #153

snyk-bot commented Dec 4, 2021

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

[Snyk] Upgrade electron-builder from 22.3.2 to 22.14.7 #153

Are you sure you want to change the base?

[Snyk] Upgrade electron-builder from 22.3.2 to 22.14.7 #153

Conversation

snyk-bot commented Dec 4, 2021

Snyk has created this PR to upgrade electron-builder from 22.3.2 to 22.14.7.

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features