From f1be357f8ac3e36aef382b610a89b0567953645b Mon Sep 17 00:00:00 2001 From: Aaron Liu Date: Sun, 4 Aug 2024 00:05:10 -0400 Subject: [PATCH] fix security vulnerabilities (#929) bump electron-updater and tar --- package-lock.json | 29 +++++++++++++++++++++-------- package.json | 2 +- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index c805413..e31ae83 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21,7 +21,7 @@ "electron-log": "^5.0.0-beta.16", "electron-next": "^3.1.5", "electron-settings": "^4.0.3", - "electron-updater": "^6.2.1", + "electron-updater": "^6.3.0", "firebase": "^10.11.0", "gray-matter": "^4.0.3", "jotai": "^2.2.2", @@ -2912,6 +2912,7 @@ "version": "9.2.4", "resolved": "https://registry.npmjs.org/builder-util-runtime/-/builder-util-runtime-9.2.4.tgz", "integrity": "sha512-upp+biKpN/XZMLim7aguUyW8s0FUpDvOtK6sbanMFDAMBzpHDqdhgVYm6zc9HJ6nWo7u2Lxk60i2M6Jd3aiNrA==", + "dev": true, "dependencies": { "debug": "^4.3.4", "sax": "^1.2.4" @@ -3948,11 +3949,11 @@ "dev": true }, "node_modules/electron-updater": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/electron-updater/-/electron-updater-6.2.1.tgz", - "integrity": "sha512-83eKIPW14qwZqUUM6wdsIRwVKZyjmHxQ4/8G+1C6iS5PdDt7b1umYQyj1/qPpH510GmHEQe4q0kCPe3qmb3a0Q==", + "version": "6.3.2", + "resolved": "https://registry.npmjs.org/electron-updater/-/electron-updater-6.3.2.tgz", + "integrity": "sha512-bEpuZ1IRnMtvZZaWeYi9ocX90Cnk+/impZ/08r6GQkfOMqECtKC2IjvxHcDk2VpWO8QZzK0+MUNaBiO81CGvQQ==", "dependencies": { - "builder-util-runtime": "9.2.4", + "builder-util-runtime": "9.2.5", "fs-extra": "^10.1.0", "js-yaml": "^4.1.0", "lazy-val": "^1.0.5", @@ -3962,6 +3963,18 @@ "tiny-typed-emitter": "^2.1.0" } }, + "node_modules/electron-updater/node_modules/builder-util-runtime": { + "version": "9.2.5", + "resolved": "https://registry.npmjs.org/builder-util-runtime/-/builder-util-runtime-9.2.5.tgz", + "integrity": "sha512-HjIDfhvqx/8B3TDN4GbABQcgpewTU4LMRTQPkVpKYV3lsuxEJoIfvg09GyWTNmfVNSUAYf+fbTN//JX4TH20pg==", + "dependencies": { + "debug": "^4.3.4", + "sax": "^1.2.4" + }, + "engines": { + "node": ">=12.0.0" + } + }, "node_modules/electron-updater/node_modules/fs-extra": { "version": "10.1.0", "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz", @@ -8001,9 +8014,9 @@ } }, "node_modules/tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "dev": true, "dependencies": { "chownr": "^2.0.0", diff --git a/package.json b/package.json index 452a10f..388b9ad 100644 --- a/package.json +++ b/package.json @@ -235,7 +235,7 @@ "electron-log": "^5.0.0-beta.16", "electron-next": "^3.1.5", "electron-settings": "^4.0.3", - "electron-updater": "^6.2.1", + "electron-updater": "^6.3.0", "firebase": "^10.11.0", "gray-matter": "^4.0.3", "jotai": "^2.2.2",