Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade electron-forge from 2.12.0 to 5.1.1 #54

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade electron-forge from 2.12.0 to 5.1.1 #54

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5		 Information Exposure
SNYK-JS-NODEFETCH-2342118		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: electron-forge The new version differs by 236 commits.
  • b7340c6 5.1.1
  • eecfd65 updated CHANGELOG.md
  • dee72fd chore(packager): upgrade electron-packager to 11.0.0
  • 42abee3 chore(generic): upgrade node-fetch to 2.0.0 and fetch-mock to 6.0.0
  • bc7a148 5.1.0
  • f629bb8 updated CHANGELOG.md
  • 1415102 feat(publisher): add GitHub Enterprise/HTTP proxy support to the GitHub publisher
  • e83832a Add links to third-party makers/publishers on NPM
  • 358f0ba 5.0.0
  • 6f92810 updated CHANGELOG.md
  • a2382a4 Note the minimum snapcraft version for export-login
  • 1232c5e Fix typo
  • fbcc35f Be more helpful about Snapcraft credentials
  • 4eb2f29 Update copy based on PR feedback
  • c5b7d0d feat(publisher): add snapcraft publisher
  • 86f987d feat(maker): add builtin snap support
  • 45ace6c feat(publisher): add dir to publisher args & convert args from positional to keyword
  • 8d5ff91 4.3.0
  • b080efb updated CHANGELOG.md
  • 707a1e3 fix(maker): wix only works on win32 currently
  • 2d4179f Bump minimum requirement for electron-wix-msi
  • fa80cd3 refactor(maker): extract author name parsing into its own function
  • 52a6408 AppVeyor: add Wix to PATH
  • 76166af feat(maker): add Wix support

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
0204204 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot