[Snyk] Security upgrade electron from 18.3.14 to 18.3.15 #11531
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELECTRON-3033161 - https://snyk.io/vuln/SNYK-JS-ELECTRON-3033934
melvin-bot
bot
requested review from
aldo-expensify
and removed request for
a team
|
I am so lost why is this PR created as me... 😕 |
|
lol, it is not passing the "Contributor Checklist / checklist (pull_request)". |
There was a problem hiding this comment.
No breaking changes: https://github.com/electron/electron/releases/tag/v18.3.15, This is a very small version increment, just fixing security issues.
Tested the desktop app and seems to be working fine.
|
@aldo-expensify looks like this was merged without passing tests. Please add a note explaining why this was done and remove the |
|
No emergency: Snyk did a poor job and didn't check the Contributor's checklist |
|
✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release. |
|
@aldo-expensify Well, I think the idea is that we would both go through the checklist in this case? Me as the author and you as the reviewer? But I'm not entirely sure. I don't even know why this PR was created. I sure as hell didn't create it. |
|
Not sure what Snyk uses to create PR's using our accounts, but this is not the first PR I get like this. You may be right about the approach with the checklist, but I'm pretty sure that it would be just about checking everything because they are no changes in the code besides the dependencies. Regarding screenshots... a screenshot showing that the App is working could suffice (i mean for next time)? |
|
A few other PR's like this one created with our accounts in App: https://github.com/Expensify/App/pulls?q=is%3Apr+This+PR+was+automatically+created+by+Snyk+using+the+credentials+of+a+real+user+is%3Aclosed |
yes, probably depends on the case though. If the dependency is related to Electron then I'd have a test to build the desktop app at the very least. |
|
Agreed, that's what I tested |
|
🚀 Deployed to staging by @aldo-expensify in version: 1.2.12-0 🚀
|
|
🚀 Deployed to production by @AndrewGable in version: 1.2.12-4 🚀
|
…87fa5a6e1361a9c64d34c4 [Snyk] Security upgrade electron from 18.3.14 to 18.3.15
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
SNYK-JS-ELECTRON-3033161
SNYK-JS-ELECTRON-3033934
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.