Update Electron app dependencies with known vulnerabilities #6166
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
raksooo
force-pushed
the
update-dependencies-with-known-vulnerabilities-des-902
branch
from
79b91fd to
413e1d8
Compare
raksooo
changed the title
raksooo
force-pushed
the
update-dependencies-with-known-vulnerabilities-des-902
branch
from
413e1d8 to
1d687f5
Compare
raksooo
force-pushed
the
update-dependencies-with-known-vulnerabilities-des-902
branch
from
1d687f5 to
fea168d
Compare
MarkusPettersson98
approved these changes
Apr 24, 2024
There was a problem hiding this comment.
Reviewed 5 of 5 files at r1, all commit messages.
Reviewable status:complete! all files reviewed, all discussions resolved
raksooo
force-pushed
the
update-dependencies-with-known-vulnerabilities-des-902
branch
6 times, most recently
from
0091c0d to
a6408b4
Compare
|
To make the notarization work I had to:
|
MarkusPettersson98
approved these changes
Apr 25, 2024
There was a problem hiding this comment.
What a mess 😂 Gj on finding a solution 🙌
Reviewed 4 of 4 files at r2, all commit messages.
Reviewable status:
To fix issues with electron-builder and @electron/notarize this commit: * Replaces old notarization code with built-in solution in electron-builder * Moves notarization of pkg to build.sh
raksooo
force-pushed
the
update-dependencies-with-known-vulnerabilities-des-902
branch
from
a6408b4 to
c94fc08
Compare
raksooo
deleted the
update-dependencies-with-known-vulnerabilities-des-902
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains dependency updates for packages with known vulnerabilities, most of them were fixed by just running
npm audit fix, butelectron-builderhad to be updated manually.Most of the vulnerabilities doesn't affect our app, but the one in the dependency tree of
electron-builderdoes. It enables privilege escelation on Windows by utilizing the following vulnerability in the installer: GHSA-r4pf-3v7r-hh55This change is