[Snyk] Security upgrade electron from 8.2.4 to 8.3.1 (#729)

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELECTRON-568790 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569042 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569099 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569113 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569114 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569117 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569120 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569122 - https://snyk.io/vuln/SNYK-JS-ELECTRON-570624 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746

[Snyk] Security upgrade electron from 8.2.4 to 8.3.1 (#729)
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELECTRON-568790 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569042 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569099 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569113 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569114 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569117 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569120 - https://snyk.io/vuln/SNYK-JS-ELECTRON-569122 - https://snyk.io/vuln/SNYK-JS-ELECTRON-570624 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
542520fc · Snyk bot · GitHub · 76c08514 · 542520fc · 542520fc
展开全部隐藏空白更改
内联并排

Showing with 3082 addition and 174 deletion

.snyk .snyk +6 -2

package-lock.json package-lock.json +3067 -168

package.json package.json +9 -4

未找到文件。
--- a/.snyk
+++ b/.snyk
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.13.5
+version: v1.16.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
  SNYK-JS-MINIMIST-559764:
    - electron > extract-zip > mkdirp > minimist:
        reason: None given
        expires: '2020-04-22T13:23:24.095Z'
-patch: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - electron > @electron/get > global-tunnel-ng > lodash:
+        patched: '2020-07-07T09:01:03.422Z'
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -28,7 +28,9 @@
    "postbuild-windows": "rmdir /S /Q prebuild-src",
    "test": "rsync -a --info=progress2 src/ prebuild-src --exclude node_modules && node prebuild-minify.js && cd prebuild-src && npm install && snyk test && cd .. && rm -R prebuild-src",
    "init-file-icons": "git submodule update --init",
-    "update-file-icons": "git submodule foreach git pull origin master && node file-icons-generator.js"
+    "update-file-icons": "git submodule foreach git pull origin master && node file-icons-generator.js",
+    "snyk-protect": "snyk protect",
+    "prepare": "npm run snyk-protect"
  },
  "repository": {
    "type": "git",
@@ -104,14 +106,17 @@
  },
  "dependencies": {
    "clean-css": "4.2.3",
-    "electron": "8.2.4",
+    "electron": "8.3.1",
    "electron-builder": "^22.5.1",
    "electron-rebuild": "^1.10.1",
    "node-abi": "2.16.0",
    "node-json-minify": "1.0.0",
-    "uglify-es": "3.3.9"
+    "uglify-es": "3.3.9",
+    "snyk": "^1.360.0"
  },
  "optionalDependencies": {
    "cson-parser": "4.0.4"
-  }
+  },
+  "snyk": true,
+  "devDependencies": {}
 }