[Snyk] Fix for 1 vulnerabilities

[maniator]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-packager

The new version differs by 250 commits.

• 41acebf docs(news): fix 15.0.0 link
• 0fb2f1f 15.0.0
• 65ae3fe chore(deps): bump electron-notarize from 0.3.0 to 1.0.0 (cmd don't run before electron start electron/forge#1157)
• 198ffb2 refactor: replace sanitize-filename with filenamify (chore(deps): bump xterm from 4.0.0 to 4.0.1 electron/forge#1156)
• 34d6fb1 build: test Node 14 in CI (chore(deps): bump webpack from 4.39.3 to 4.40.0 electron/forge#1155)
• 4d22659 fix(infer): add missing fields to the infer error message (chore(deps-dev): bump @types/node from 12.7.4 to 12.7.5 electron/forge#1153)
• e41de9f build(deps-dev): upgrade eslint to ^7.1.0 & @ typescript-eslint/* to ^3.0.0 (chore(deps-dev): bump typescript from 3.6.2 to 3.6.3 electron/forge#1152)
• 1ba3294 build: merge ESLint config files into package.json when possible
• 0505742 docs: clarify disabling pruning via the API in the README
• a0ef38f refactor: rename ignore source files/functions to copy-filter (chore(deps): bump xterm from 3.14.5 to 4.0.0 electron/forge#1151)
• e3913f6 feat: Add support for macOS app API key notarization (chore(deps): bump @octokit/rest from 16.28.7 to 16.28.8 electron/forge#1127)
• 366df35 build(deps): upgrade electron-notarize to ^0.3.0
• 37a0f2c Merge pull request chore(deps-dev): bump @types/semver from 6.0.1 to 6.0.2 electron/forge#1139 - refactor: replace cross-zip with extract-zip
• bc61ca5 refactor: replace cross-zip with extract-zip
• 9c9b8de test(unzip): refactor for efficiency and readability
• b4247f9 test(unzip): unzip should preserve symbolic links
• 39851a1 chore(deps): bump fs-extra from 8.1.0 to 9.0.0 (chore(deps): bump webpack-dev-middleware from 3.7.0 to 3.7.1 electron/forge#1137)
• fc1dbbc chore(deps-dev): bump typedoc from 0.16.11 to 0.17.1 (chore(deps-dev): bump nodemon from 1.19.1 to 1.19.2 electron/forge#1136)
• c9c5170 fix(mac): check for osxNotarize.hardened-runtime in addition to hardenedRuntime
• 4081666 build: upgrade asar to ^3.0.0
• 30169e3 build: ignore typedoc output for eslint
• eaf597b build: upgrade to malept/github-action-gh-pages@1.0.2
• c937f41 docs: note in usage that sub-properties listed aren't exhaustive
• 68c63f7 docs: add electron-notarize to DEBUG list

See the full diff

Package name: electron-rebuild

The new version differs by 250 commits.

• 801f3e0 chore(deps-dev): bump @ types/node from 16.11.1 to 16.11.7
• c8e1211 chore(deps-dev): bump @ typescript-eslint/parser from 4.32.0 to 4.33.0
• 3213261 chore(deps): bump node-abi from 3.2.0 to 3.3.0
• 2fb3172 chore(deps-dev): bump @ types/tar from 4.0.5 to 6.1.0
• c17ee57 Merge pull request chore: upgrade electron-rebuild to ^1.8.5 electron/forge#883 from electron/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-4.33.0
• cd088fb chore(deps-dev): bump @ types/yargs from 17.0.3 to 17.0.4
• ce03ed8 chore(deps-dev): bump mocha from 9.1.2 to 9.1.3
• 39a98cd chore(deps-dev): bump @ types/node from 16.10.3 to 16.11.1
• 23bbcdb chore(deps-dev): bump typescript from 4.4.3 to 4.4.4
• 12ed1c9 chore(deps-dev): bump ts-node from 10.2.1 to 10.3.0
• f32f0b3 Merge pull request build(deps): bump express from 4.17.0 to 4.17.1 electron/forge#887 from electron/dependabot/npm_and_yarn/types/node-16.10.3
• 97b2f27 chore(deps-dev): bump @ types/node from 16.10.2 to 16.10.3
• 0d36824 fix: force release
• 73b7bc2 chore(deps-dev): bump @ typescript-eslint/eslint-plugin
• f6ca720 chore(deps-dev): bump @ types/node from 16.10.1 to 16.10.2
• e0ca555 chore(deps): bump yargs from 17.1.1 to 17.2.1
• 44fd667 chore(deps-dev): bump mocha from 9.1.1 to 9.1.2
• 39986a4 chore(deps-dev): bump @ types/node from 16.9.4 to 16.10.1
• 4b14999 chore(deps-dev): bump @ typescript-eslint/eslint-plugin
• b821529 chore(deps-dev): bump @ typescript-eslint/parser from 4.31.2 to 4.32.0
• 1e85769 chore(deps): bump node-abi from 3.0.0 to 3.2.0
• 496455d chore(deps-dev): bump @ types/fs-extra from 9.0.12 to 9.0.13
• 0eba957 chore(deps-dev): bump @ types/chai from 4.2.21 to 4.2.22
• cf13512 chore(deps-dev): bump @ types/yargs from 17.0.2 to 17.0.3

See the full diff

Package name: node-gyp

The new version differs by 169 commits.

• 33affe2 v7.0.0: bump version and update changelog
• ba4f34b doc: update catalina xcode clt download link
• f7bfce9 doc: update acid test and introduce curl|bash test script
• 4937722 deps: replace mkdirp with {recursive} mkdir
• a6b76a8 gyp: update gyp to 0.2.1
• e529f33 doc: update README to reflect upgrade to gyp-next
• ebc34ec gyp: update gyp to 0.2.0
• 9aed628 doc: give more attention to Catalina issues doc
• 963f2a7 doc: improve cataline discoverability for search engines
• d45438a deps: update deps, match to npm@7
• 5f47b7a v5.1.1: bump version and update changelog
• c255ffb lib: drop "-2" flag for "py.exe" launcher
• 741ab09 test: remove support for EOL versions of Node.js
• 6356117 doc, bin: stop suggesting opening node-gyp issues
• 7b75af3 doc: add macOS Catalina software update info
• 4f23c7b doc: update link to the code of conduct (build(deps-dev): bump @babel/cli from 7.12.8 to 7.12.10 electron/forge#2073)
• 473cfa2 doc: note in README that Python 3.8 is supported (docs(async-ora): clarify use with DEBUG electron/forge#2072)
• e18a61a build: shrink bloated addon binaries on windows
• ca86ef2 test: bump actions/checkout from v1 to v2
• e7402b4 doc: update catalina xcode cli tools download link (build(deps-dev): bump @typescript-eslint/parser from 4.8.0 to 4.8.1 electron/forge#2044)
• 972780b gyp: sync code base with nodejs repo (build(deps): bump electron-wix-msi from 3.0.0 to 3.0.2 electron/forge#1975)
• dab0305 v5.1.0: bump version and update changelog
• 35de459 doc: update catalina xcode cli tools download link; formatting
• 4864219 doc: add download link for Command Line Tools for Xcode

See the full diff

Package name: semver

The new version differs by 168 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (fix(core): stops breaking regexps in the config parser electron/forge#566)
• 5c8efbc fix: preserve build in raw after inc (Removing HMR + WebpackPlugin electron/forge#565)
• 717534e fix: better handling of whitespace (--inspect-electron starts debugger, but does not pause at breakpoints (or debugger) electron/forge#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (chore(all): upgrade dependencies electron/forge#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (es6/7 electron/forge#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (Using ejs with Forge v6 and electron-compile electron/forge#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (publish windows ia32,x64 to github fail electron/forge#552)
• 503a4e5 feat: allow identifierBase to be false (Run electron-forge on the Linux Subsystem for Windows (WSL) electron/forge#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (Using webpack with electron-forge v5 electron/forge#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare (latest.yml not getting created on make command for windows updates electron/forge#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD ((v6) Closing the electron window after starting via start does not end the process electron/forge#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 (node-gyp fails to run from within forge for win32, MSVS2017 electron/forge#538)
• aa516b5 fix: faster parse options (Cannot find module '...\node_modules\@electron-forge\@electron-forge\cli\dist\electron-forge-start.js' electron/forge#535)
• 61e6ea1 fix: faster cache key factory for range (Finding right path to electron-forge-start.js for VSCode Debugger (fixing #535) electron/forge#536)
• f8b8b61 fix: optimistic parse (Empty config in @electron-forge/publisher-nucleus@6.0.0-beta.22 electron/forge#541)
• 796cbe2 fix: semver.diff prerelease to release recognition (Bashrc modification can cause warnings electron/forge#533)
• 3f222b1 fix: reuse comparators on subset (Append current version to each sibling dependency of @electron-forge in the boilerplate electron/forge#537)
• 113f513 feat: identifierBase parameter for .inc (Failing to Install electron forge on Windows with Method Not Allowed Error (HTTP 405) electron/forge#532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)