[HOLD for payment 2023-04-03] [Snyk] Security upgrade electron from 22.3.3 to 22.3.4

[melvin-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Use After Free SNYK-JS-ELECTRON-3369913	No	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~0184c812953fd69a34
• Upwork Job ID: 1639298758199308288
• Last Price Increase: 2023-03-24

[MelvinBot]

This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically create PRs to fix these vulnerabilities.

    C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
    - [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
    - [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
    - [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes. 
    - [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.

[MelvinBot]

Job added to Upwork: https://www.upwork.com/jobs/~0184c812953fd69a34

[MelvinBot]

Triggered auto assignment to Contributor Plus for review of internal employee PR - @sobitneupane (Internal)

[MelvinBot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[MelvinBot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.2.89-0 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• [Snyk] Security upgrade electron from 22.3.3 to 22.3.4 #16478

If no regressions arise, payment will be issued on 2023-04-03. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter
• Contributor that fixed the issue
• Contributor+ that helped on the issue and/or PR

As a reminder, here are the bonuses/penalties that should be applied for any External issue:

• Merged PR within 3 business days of assignment - 50% bonus
• Merged PR more than 9 business days after assignment - 50% penalty

[MelvinBot]

@sobitneupane Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[MelvinBot]

@sobitneupane 6 days overdue. This is scarier than being forced to listen to Vogon poetry!

[MelvinBot]

@sobitneupane 6 days overdue. This is scarier than being forced to listen to Vogon poetry!

[MelvinBot]

@sobitneupane 8 days overdue is a lot. Should this be a Weekly issue? If so, feel free to change it!

[MelvinBot]

@sobitneupane 10 days overdue. Is anyone even seeing these? Hello?

[MelvinBot]

This issue has not been updated in over 14 days. @sobitneupane eroding to Weekly issue.

[melvin-bot]

This issue has not been updated in over 15 days. @sobitneupane eroding to Monthly issue.

P.S. Is everyone reading this sure this is really a near-term priority? Be brave: if you disagree, go ahead and close it out. If someone disagrees, they'll reopen it, and if they don't: one less thing to do!

[melvin-bot]

@sobitneupane, this Monthly task hasn't been acted upon in 6 weeks; closing.

If you disagree, feel encouraged to reopen it -- but pick your least important issue to close instead.