[Snyk] Fix for 1 vulnerabilities

[HelloKittyHacker]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • script/package.json
  • script/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-chromedriver

The new version differs by 26 commits.

• 3807adb Merge pull request Bump lodash from 4.17.15 to 4.17.21 in /packages/about #62 from electron/9-x-y
• 5a726b8 v9.0.0
• 3d0e75f fix: install npm_config_platform=win32 (Bump ua-parser-js from 0.7.20 to 0.7.28 #61)
• ab6cd41 Merge pull request [Snyk] Security upgrade stylelint from 9.3.0 to 13.7.0 #59 from erickzhao/chore/migrate-get
• b244950 chore: force node 10.12
• 1e4599b chore: upgrade extract-zip to v2.0.0
• 3c22216 refactor: migrate to @ electron/get
• d25a3ac Merge pull request [Snyk] Security upgrade atom-package-manager from 2.4.3 to 2.5.0 #57 from electron/dependabot/npm_and_yarn/acorn-6.4.1
• 2a0b450 Bump acorn from 6.2.1 to 6.4.1
• 0e494e4 Merge pull request Bump y18n from 3.2.1 to 3.2.2 #55 from electron/8-x-y
• 400df8e v8.0.0
• c3f66d6 chore: update for 8.0.0-beta.7 ([Snyk] Security upgrade yargs from 4.8.1 to 10.0.0 #54)
• 209fa2e chore: set @ wg-releases as CODEOWNERS ([Snyk] Security upgrade yargs from 4.8.1 to 10.0.0 #53)
• ed80a77 Merge pull request [Snyk] Security upgrade atom-package-manager from 2.4.3 to 2.6.1 #50 from electron/7-0-x
• 5cba324 Update for v7.0.0
• 2ca0405 Merge pull request [Snyk] Security upgrade npm from 6.2.0 to 7.0.0 #48 from electron/dependabot/npm_and_yarn/eslint-utils-1.4.2
• 0051436 chore: Update to 7.0.0-beta.5
• 4b48320 Bump eslint-utils from 1.4.0 to 1.4.2
• 2f4cca7 Merge pull request [Snyk] Security upgrade color from 0.7.3 to 1.0.0 #47 from electron/update-standard-mocha
• e3feaf5 chore: update standard and mocha
• 148292a Merge pull request [Snyk] Security upgrade stylelint from 9.3.0 to 13.0.0 #46 from electron/update-stable-6
• bfb0ce6 chore: add support for Electron v6.0.0
• 8dc45bf Bump js-yaml from 3.12.0 to 3.13.1 ([Snyk] Security upgrade babel-core from 5.8.38 to 6.9.0 #43)
• 2a79a74 Bump handlebars from 4.0.12 to 4.1.2 ([Snyk] Security upgrade publish-release from 1.6.0 to 1.6.1 #44)

See the full diff

Package name: electron-mksnapshot

The new version differs by 13 commits.

• 4c31a01 chore: update to v9.0.0 ([Snyk] Security upgrade publish-release from 1.6.0 to 1.6.1 #28)
• fcba03d chore: update mksnapshot to work with arm*-x64 zips ([Snyk] Security upgrade babel-core from 5.8.38 to 6.9.0 #27)
• baeb2a2 Fix download on ARM ([Snyk] Security upgrade marked from 0.3.19 to 1.1.1 #26)
• dfc0cd1 Bump acorn from 7.1.0 to 7.1.1 ([Snyk] Security upgrade marked from 0.3.19 to 1.1.1 #25)
• 6d9510e 8.0.0 (Bump lodash from 4.17.15 to 4.17.19 in /packages/about #24)
• e77fd2c v7.0.0
• 3c4921f 6.0.0 ([Snyk] Security upgrade publish-release from 1.6.0 to 1.6.1 #21)
• cc99f15 Bump lodash from 4.17.11 to 4.17.14 ([Snyk] Security upgrade babel-core from 5.8.38 to 6.9.0 #20)
• 4d3798f Bump extend from 3.0.1 to 3.0.2 ([Snyk] Security upgrade npm from 6.2.0 to 6.14.6 #19)
• 546c646 build: update for 6.0.0-beta.2 ([Snyk] Security upgrade atom-package-manager from 2.4.3 to 2.5.0 #18)
• 66c95ca build: update for 6.0.0-beta.1 (Bump npm from 6.2.0 to 6.14.6 in /script #17)
• 199a6a7 build: update for 5.x.x ([Snyk] Security upgrade atom-package-manager from 2.4.3 to 2.5.0 #16)
• 21a3ed0 build: update for 4.2.x ([Snyk] Fix for 1 vulnerabilities #15)

See the full diff

Package name: electron-packager

The new version differs by 78 commits.

• 8d03dd7 14.0.0
• fe05b3e Merge pull request #1017 from electron-userland/v14-develop
• a77eb2d chore: add NEWS entries for v14
• f8a3cac Linux/ia32 warning moved from Packager to @ electron/get (#1016)
• 67e3021 test: fix CLI test names, add --no-download.rejectUnauthorized test
• 5f09eb5 refactor: use object shorthand in targets exports
• cf7c725 feat: convert from electron-download to @ electron/get (#1002)
• cc470ef refactor: always test against post-1.0 versions of Electron (#1012)
• 51cce5b chore: install Wine via homebrew on macOS
• 6075368 chore: use yarn on Travis/macOS
• f56c84e chore: upgrade the ava ecosystem to ^2
• 2f6e385 chore: refactor codesign testing (#1010)
• 8356c07 chore: avoid running npm install for fixtures (#1009)
• 99e28bb feat: ignore system junk files by default (#1005)
• 058f8d4 chore: upgrade electron-notarize to ^0.1.1
• 14625fb chore: upgrade rcedit to ^2.0.0 (#1003)
• c3a499a Replace extract-zip with cross-zip (#984)
• 481937a Wrap await example in a function because top-level await doesn't exist yet
• ae73870 chore: upgrade eslint-plugin-node to ^9.0.1
• 3be181a chore: split up NPM scripts
• 70b96d0 Upgrade asar to ^2.0.1
• 34a305a Update asar to ^2.0.0
• dd0f0de Drop mz for util.promisify (#983)
• b0b253b Update tempy requirement from ^0.2.1 to ^0.3.0 (#980)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)