[Snyk] Upgrade update-electron-app from 1.3.0 to 2.0.1

[snyk-bot]

Snyk has created this PR to upgrade update-electron-app from 1.3.0 to 2.0.1.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2020-09-28.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-JSONPOINTER-598804	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-608662	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-598894	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-570833	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-570624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Buffer Overflow SNYK-JS-ELECTRON-569122	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-569120	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Validation SNYK-JS-ELECTRON-569117	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-569114	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-569113	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-569109	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-569099	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-569042	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Out-of-bounds Write SNYK-JS-ELECTRON-568790	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Out-of-bounds Read SNYK-JS-ELECTRON-1051000	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1050999	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Insufficient Validation SNYK-JS-ELECTRON-1050882	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1049547	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1049323	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Access Control SNYK-JS-ELECTRON-1049321	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1048693	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1041745	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1021884	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-1050427	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: update-electron-app

• 97204db fix: force a release ([DepShield] (CVSS 7.5) Vulnerability due to usage of acorn:5.7.3 #68)
• 9f6d981 chore: force release ([DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.templatesettings:4.1.0 #67)
• 916c9e3 fix: update the typescript types and usage ([DepShield] (CVSS 8.8) Vulnerability due to usage of minimist:0.0.8 #66)
• 1b84c8a fix: replace arguments object with array of params ([Snyk] Security upgrade electron from 7.2.4 to 11.4.11 #63)
• ca03156 chore: force release
• 0551b94 chore: run publish from CFA context
• fcc88a9 refactor: update `dialog.showMessageBox` to use promise version ([Snyk] Security upgrade electron from 7.2.4 to 11.4.10 #61)
• 0599592 build: add cfa support ([Snyk] Security upgrade electron from 7.2.4 to 11.4.11 #62)
• ba88c0e chore: Bump npm from 6.13.4 to 6.14.6 ([Snyk] Security upgrade electron from 7.2.4 to 11.4.9 #59)
• fa7e795 chore: Bump lodash from 4.17.14 to 4.17.19 ([Snyk] Security upgrade electron from 7.2.4 to 11.4.10 #60)
• 41cac66 chore: Bump https-proxy-agent from 2.2.1 to 2.2.4 (chore: bump normalize-url from 4.5.0 to 4.5.1 #54)
• 57b3cc2 chore: Bump npm from 6.9.0 to 6.13.4 ([Snyk] Security upgrade electron from 7.2.4 to 10.4.7 #51)
• ab8bbeb chore: Bump handlebars from 4.1.2 to 4.5.3 ([Snyk] Security upgrade electron from 7.2.4 to 10.4.7 #52)
• ea3c1d6 chore: Bump mixin-deep from 1.3.1 to 1.3.2 (Circleci project setup #50)
• f87a4c7 chore: Bump eslint-utils from 1.3.1 to 1.4.2 ([Snyk] Security upgrade electron from 7.2.4 to 10.4.4 #49)
• dd5d6d2 chore: Bump lodash from 4.17.11 to 4.17.14 ([Snyk] Security upgrade electron from 7.2.4 to 10.4.4 #47)
• 434afdb feat: add notifyUser option to disable the upgrade dialog prompt ([Snyk] Security upgrade electron from 7.2.4 to 10.4.4 #46)
• 32ecb3a fix: update semantic-release ([Snyk] Security upgrade electron from 7.2.4 to 10.4.4 #44)
• 47b97a9 fix: trigger new release for handlebars dep upgrade ([Snyk] Security upgrade electron from 7.2.4 to 12.0.5 #43)
• 45c81f4 fix:
• ad4cfa7 chore: Bump js-yaml from 3.12.0 to 3.13.1 ([Snyk] Security upgrade electron from 7.2.4 to 12.0.5 #42)
• 7f9353d chore: Bump handlebars from 4.0.12 to 4.1.2 ([Snyk] Security upgrade electron from 7.2.4 to 12.0.5 #41)
• ce584ce add package-lock
• 31980d3 feat: add process.arch for win32-ia32 support ([Snyk] Security upgrade electron from 7.2.4 to 11.2.2 #35)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information