[$1000] [HOLD for payment 2023-05-16] [Snyk] Security upgrade electron from 22.3.6 to 22.3.7

[melvin-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	880/1000 Why? Mature exploit, Recently disclosed, Has a fix available, CVSS 7.6	Integer Overflow or Wraparound SNYK-JS-ELECTRON-5462056	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~013e6c354c4810571c
• Upwork Job ID: 1652318066339057664
• Last Price Increase: 2023-05-19

[MelvinBot]

This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically create PRs to fix these vulnerabilities.

    C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
    - [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
    - [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
    - [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
    - [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.

[MelvinBot]

Job added to Upwork: https://www.upwork.com/jobs/~013e6c354c4810571c

[MelvinBot]

Triggered auto assignment to Contributor Plus for review of internal employee PR - @aimane-chnaif (Internal)

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.3.12-0 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• [Snyk] Security upgrade electron from 22.3.6 to 22.3.7 #18193

If no regressions arise, payment will be issued on 2023-05-16. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter
• Contributor that fixed the issue
• Contributor+ that helped on the issue and/or PR

As a reminder, here are the bonuses/penalties that should be applied for any External issue:

• Merged PR within 3 business days of assignment - 50% bonus
• Merged PR more than 9 business days after assignment - 50% penalty

[melvin-bot]

@aimane-chnaif Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[aimane-chnaif]

@stitesExpensify can you please add BZ member for me?

[melvin-bot]

Triggered auto assignment to @tjferriss (External), see https://stackoverflow.com/c/expensify/questions/8582 for more details.

[melvin-bot]

Current assignee @aimane-chnaif is eligible for the External assigner, not assigning anyone new.

[melvin-bot]

Triggered auto assignment to @thienlnam (External), see https://stackoverflow.com/c/expensify/questions/7972 for more details.

[thienlnam]

@tjferriss This issue is ready for payment - internal review to @aimane-chnaif

[melvin-bot]

@tjferriss, @thienlnam, @aimane-chnaif Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[thienlnam]

Bump when you get the chance @tjferriss

[tjferriss]

@aimane-chnaif the offer is pending your acceptance: https://www.upwork.com/jobs/~0168b695076da79b8d.

[melvin-bot]

@tjferriss, @thienlnam, @aimane-chnaif Whoops! This issue is 2 days overdue. Let's get this updated quick!

[tjferriss]

@aimane-chnaif has been paid.