Switching update-notifier to simple-update-notifier due to dependency…

… vulnerability. Updating typescript, prettier, semver, and yargs

docs/api/electron-builder.md

@@ -1097,7 +1097,7 @@ return path.join(target.outDir, <code>__${target.name}-${getArtifactArchName(arc
 </tr>
 <tr>
 <td>outputFormat</td>
-<td><code>“icns”</code> | <code>“ico”</code> | <code>“set”</code></td>
+<td><code>“set”</code> | <code>“icns”</code> | <code>“ico”</code></td>
 </tr>
 </tbody>
 </table>

docs/configuration/win.md

@@ -15,7 +15,7 @@ The top-level [win](configuration.md#Configuration-win) key contains set of opti
 </ul>
 <hr>
 <ul>
-<li><code id="WindowsConfiguration-signingHashAlgorithms">signingHashAlgorithms</code> = <code>['sha1', 'sha256']</code> Array&lt;“sha1” | “sha256”&gt; | “undefined” - Array of signing algorithms used. For AppX <code>sha256</code> is always used.</li>
+<li><code id="WindowsConfiguration-signingHashAlgorithms">signingHashAlgorithms</code> = <code>['sha1', 'sha256']</code> Array&lt;“sha256” | “sha1”&gt; | “undefined” - Array of signing algorithms used. For AppX <code>sha256</code> is always used.</li>
 <li><code id="WindowsConfiguration-sign">sign</code> String | (configuration: CustomWindowsSignTaskConfiguration) =&gt; Promise - The custom function (or path to file or module id) to sign Windows executable.</li>
 <li><code id="WindowsConfiguration-certificateFile">certificateFile</code> String | “undefined” - The path to the *.pfx certificate you want to sign with. Please use it only if you cannot use env variable <code>CSC_LINK</code> (<code>WIN_CSC_LINK</code>) for some reason. Please see <a href="/code-signing">Code Signing</a>.</li>
 <li><code id="WindowsConfiguration-certificatePassword">certificatePassword</code> String | “undefined” - The password to the certificate provided in <code>certificateFile</code>. Please use it only if you cannot use env variable <code>CSC_KEY_PASSWORD</code> (<code>WIN_CSC_KEY_PASSWORD</code>) for some reason. Please see <a href="/code-signing">Code Signing</a>.</li>

package.json

@@ -67,11 +67,11 @@
     "lint-staged": "11.1.2",
     "markdown2html-pro": "1.0.6",
     "path-sort": "0.1.0",
-    "prettier": "2.3.2",
+    "prettier": "2.7.1",
     "replace-in-file": "6.2.0",
     "source-map-support": "0.5.21",
     "ts-jsdoc": "3.2.2",
-    "typescript": "4.3.5",
+    "typescript": "^4.4.0",
     "typescript-json-schema": "0.51.0",
     "v8-compile-cache": "2.3.0"
   },

packages/app-builder-lib/src/ProtonFramework.ts

@@ -36,7 +36,7 @@ export class ProtonFramework extends LibUiFramework {
     } else {
       try {
         babel = require("babel-core")
-      } catch (e) {
+      } catch (e: any) {
         // babel isn't installed
         log.debug(null, "don't transpile source code using Babel")
         return null

packages/app-builder-lib/src/asar/asarFileChecker.ts

@@ -10,14 +10,14 @@ export async function checkFileInArchive(asarFile: string, relativeFile: string,
   let fs
   try {
     fs = await readAsar(asarFile)
-  } catch (e) {
+  } catch (e: any) {
     throw error(`is corrupted: ${e}`)
   }
 
   let stat: Node | null
   try {
     stat = fs.getFile(relativeFile)
-  } catch (e) {
+  } catch (e: any) {
     const fileStat = await statOrNull(asarFile)
     if (fileStat == null) {
       throw error(`does not exist. Seems like a wrong configuration.`)

packages/app-builder-lib/src/codeSign/windowsCodeSign.ts

@@ -82,7 +82,7 @@ export async function getCertInfo(file: string, password: string): Promise<Certi
   const errorMessagePrefix = "Cannot extract publisher name from code signing certificate. As workaround, set win.publisherName. Error: "
   try {
     result = await executeAppBuilderAsJson<any>(["certificate-info", "--input", file, "--password", password])
-  } catch (e) {
+  } catch (e: any) {
     throw new Error(`${errorMessagePrefix}${e.stack || e}`)
   }
 
@@ -165,7 +165,7 @@ export async function doSign(configuration: CustomWindowsSignTaskConfiguration,
 
   try {
     await vm.exec(tool, args, { timeout, env })
-  } catch (e) {
+  } catch (e: any) {
     if (e.message.includes("The file is being used by another process") || e.message.includes("The specified timestamp server either could not be reached")) {
       log.warn(`First attempt to code sign failed, another attempt will be made in 15 seconds: ${e.message}`)
       await new Promise((resolve, reject) => {

packages/app-builder-lib/src/electron/electronVersion.ts

@@ -89,7 +89,7 @@ export async function computeElectronVersion(projectDir: string, projectMetadata
       const version = releaseInfo.tag_name.startsWith("v") ? releaseInfo.tag_name.substring(1) : releaseInfo.tag_name
       log.info({ version }, `resolve ${dependency.name}@${dependency.version}`)
       return version
-    } catch (e) {
+    } catch (e: any) {
       log.warn(e)
     }
 

packages/app-builder-lib/src/fileTransformer.ts

@@ -99,7 +99,7 @@ function cleanupPackageJson(data: any, options: CleanupPackageFileOptions): any
     if (changed) {
       return JSON.stringify(data, null, 2)
     }
-  } catch (e) {
+  } catch (e: any) {
     debug(e)
   }
 

packages/app-builder-lib/src/packager.ts

@@ -231,7 +231,7 @@ export class Packager {
 
     try {
       log.info({ version: PACKAGE_VERSION, os: getOsRelease() }, "electron-builder")
-    } catch (e) {
+    } catch (e: any) {
       // error in dev mode without babel
       if (!(e instanceof ReferenceError)) {
         throw e

packages/app-builder-lib/src/platformPackager.ts

@@ -757,7 +757,7 @@ export function resolveFunction<T>(executor: T | string, name: string): T {
 
   try {
     p = require.resolve(p)
-  } catch (e) {
+  } catch (e: any) {
     debug(e)
     p = path.resolve(p)
   }

packages/app-builder-lib/src/publish/KeygenPublisher.ts

@@ -185,15 +185,15 @@ export class KeygenPublisher extends HttpPublisher {
     try {
       // First, we'll attempt to fetch the release.
       return await this.getRelease()
-    } catch (e) {
+    } catch (e: any) {
       if (e.statusCode !== 404) {
         throw e
       }
 
       try {
         // Next, if the release doesn't exist, we'll attempt to create it.
         return await this.createRelease()
-      } catch (e) {
+      } catch (e: any) {
         if (e.statusCode !== 409 && e.statusCode !== 422) {
           throw e
         }

packages/app-builder-lib/src/publish/s3/s3Publisher.ts

@@ -20,7 +20,7 @@ export default class S3Publisher extends BaseS3Publisher {
       // on dotted bucket names, we need to use a path-based endpoint URL. Path-based endpoint URLs need to include the region.
       try {
         options.region = await executeAppBuilder(["get-bucket-location", "--bucket", bucket])
-      } catch (e) {
+      } catch (e: any) {
         if (errorIfCannot) {
           throw e
         } else {

packages/app-builder-lib/src/targets/archive.ts

@@ -182,7 +182,7 @@ export async function archive(format: string, outFile: string, dirToArchive: str
       },
       debug7z.enabled
     )
-  } catch (e) {
+  } catch (e: any) {
     if (e.code === "ENOENT" && !(await exists(dirToArchive))) {
       throw new Error(`Cannot create archive: "${dirToArchive}" doesn't exist`)
     } else {

packages/app-builder-lib/src/targets/nsis/NsisTarget.ts

@@ -749,7 +749,7 @@ async function ensureNotBusy(outFile: string): Promise<void> {
           } else {
             fs.close(fd, () => resolve(true))
           }
-        } catch (error) {
+        } catch (error: any) {
           reject(error)
         }
       })

packages/app-builder-lib/src/util/appBuilder.ts

@@ -9,7 +9,7 @@ export function executeAppBuilderAsJson<T>(args: Array<string>): Promise<T> {
 
     try {
       return JSON.parse(rawResult) as T
-    } catch (e) {
+    } catch (e: any) {
       throw new Error(`Cannot parse result: ${e.message}: "${rawResult}"`)
     }
   })

packages/app-builder-lib/src/util/cacheManager.ts

@@ -42,7 +42,7 @@ export class BuildCacheManager {
     try {
       await copyFile(this.cacheFile, this.executableFile, false)
       return true
-    } catch (e) {
+    } catch (e: any) {
       if (e.code === "ENOENT" || e.code === "ENOTDIR") {
         log.debug({ error: e.code }, "copy cached executable failed")
       } else {
@@ -66,7 +66,7 @@ export class BuildCacheManager {
     try {
       await mkdir(this.cacheDir, { recursive: true })
       await Promise.all([writeJson(this.cacheInfoFile, this.cacheInfo), copyFile(this.executableFile, this.cacheFile, false)])
-    } catch (e) {
+    } catch (e: any) {
       log.warn({ error: e.stack || e }, `cannot save build cache`)
     }
   }

packages/app-builder-lib/src/util/config.ts

@@ -168,7 +168,7 @@ function mergeFilters(value: Filter, other: Filter): string[] {
 }
 
 function mergeFileSets(lists: FileSet[][]): FileSet[] {
-  const result = []
+  const result: FileSet[] = []
 
   for (const list of lists) {
     for (const item of list) {

packages/app-builder-lib/src/winPackager.ts

@@ -170,7 +170,7 @@ export class WinPackager extends PlatformPackager<WindowsConfiguration> {
             case "squirrel":
               try {
                 return require("electron-builder-squirrel-windows").default
-              } catch (e) {
+              } catch (e: any) {
                 throw new InvalidConfigurationError(`Module electron-builder-squirrel-windows must be installed in addition to build Squirrel.Windows: ${e.stack || e}`)
               }
 
@@ -254,7 +254,7 @@ export class WinPackager extends PlatformPackager<WindowsConfiguration> {
       try {
         await sign(options, this)
         break
-      } catch (e) {
+      } catch (e: any) {
         // https://github.com/electron-userland/electron-builder/issues/1414
         const message = e.message
         if (message != null && message.includes("Couldn't resolve host name")) {

packages/builder-util-runtime/src/httpExecutor.ts

@@ -206,7 +206,7 @@ Please double check that your authentication token is correct. Due to security r
         } else {
           resolve(data.length === 0 ? null : data)
         }
-      } catch (e) {
+      } catch (e: any) {
         reject(e)
       }
     })
@@ -349,7 +349,7 @@ Please double check that your authentication token is correct. Due to security r
     for (let attemptNumber = 0; ; attemptNumber++) {
       try {
         return task()
-      } catch (e) {
+      } catch (e: any) {
         if (attemptNumber < maxRetries && ((e instanceof HttpError && e.isServerError()) || e.code === "EPIPE")) {
           continue
         }
@@ -417,7 +417,7 @@ export class DigestTransform extends Transform {
     if (this.isValidateOnEnd) {
       try {
         this.validate()
-      } catch (e) {
+      } catch (e: any) {
         callback(e)
         return
       }

packages/builder-util/src/fs.ts

@@ -35,7 +35,7 @@ export async function exists(file: string): Promise<boolean> {
   try {
     await access(file)
     return true
-  } catch (e) {
+  } catch (e: any) {
     return false
   }
 }

packages/builder-util/src/promise.ts

@@ -13,7 +13,7 @@ export async function executeFinally<T>(promise: Promise<T>, task: (isErrorOccur
   } catch (originalError) {
     try {
       await task(true)
-    } catch (taskError) {
+    } catch (taskError: any) {
       throw new NestedError([originalError, taskError])
     }
 

packages/builder-util/src/util.ts

@@ -173,7 +173,7 @@ export function doSpawn(command: string, args: Array<string>, options?: SpawnOpt
   logSpawn(command, args, options)
   try {
     return _spawn(command, args, options)
-  } catch (e) {
+  } catch (e: any) {
     throw new Error(`Cannot spawn ${command}: ${e.stack || e}`)
   }
 }
@@ -394,7 +394,7 @@ export function executeAppBuilder(
 export async function retry<T>(task: () => Promise<T>, retriesLeft: number, interval: number): Promise<T> {
   try {
     return await task()
-  } catch (error) {
+  } catch (error: any) {
     log.info(`Above command failed, retrying ${retriesLeft} more times`)
     if (retriesLeft > 0) {
       await new Promise(resolve => setTimeout(resolve, interval))

packages/dmg-builder/src/dmg.ts

@@ -309,7 +309,7 @@ async function customizeDmg(volumePath: string, specification: DmgOptions, packa
   }
   try {
     await executePython("python3")
-  } catch (error) {
+  } catch (error: any) {
     await executePython("python")
   }
   return packager.packagerOptions.effectiveOptionComputed == null || !(await packager.packagerOptions.effectiveOptionComputed({ volumePath, specification, packager }))

packages/dmg-builder/src/dmgUtil.ts

@@ -36,7 +36,7 @@ export async function attachAndExecute(dmgPath: string, readWrite: boolean, task
 export async function detach(name: string) {
   try {
     await exec("hdiutil", ["detach", "-quiet", name])
-  } catch (e) {
+  } catch (e: any) {
     await new Promise((resolve, reject) => {
       setTimeout(() => {
         exec("hdiutil", ["detach", "-force", name]).then(resolve).catch(reject)

packages/dmg-builder/src/licenseButtons.ts

@@ -51,7 +51,7 @@ export async function getLicenseButtons(licenseButtonFiles: Array<LicenseButtons
         log.debug({ lang: item.langName, data }, `overwriting license buttons`)
       }
       return data
-    } catch (e) {
+    } catch (e: any) {
       log.debug({ error: e }, "cannot overwrite license buttons")
       return data
     }
@@ -81,7 +81,7 @@ function hexEncode(str: string, lang: string, langWithRegion: string) {
         hex = "3F" //?
       }
       result += hex
-    } catch (e) {
+    } catch (e: any) {
       log.debug({ error: e, char: str[i] }, "cannot convert")
       result += "3F" //?
     }

packages/electron-builder/package.json

@@ -60,13 +60,12 @@
     "is-ci": "^3.0.0",
     "lazy-val": "^1.0.5",
     "read-config-file": "6.2.0",
-    "update-notifier": "^5.1.0",
-    "yargs": "^17.0.1"
+    "simple-update-notifier": "^1.0.7",
+    "yargs": "^17.5.1"
   },
   "devDependencies": {
     "@types/fs-extra": "9.0.13",
-    "@types/is-ci": "3.0.0",
-    "@types/update-notifier": "5.1.0"
+    "@types/is-ci": "3.0.0"
   },
   "typings": "./out/index.d.ts",
   "publishConfig": {

packages/electron-builder/src/cli/cli.ts

@@ -3,11 +3,11 @@
 import { InvalidConfigurationError, log } from "builder-util"
 import * as chalk from "chalk"
 import { getElectronVersion } from "app-builder-lib/out/electron/electronVersion"
-import { pathExists, readJson } from "fs-extra"
+import { readJson } from "fs-extra"
 import * as isCi from "is-ci"
 import * as path from "path"
 import { loadEnv } from "read-config-file"
-import * as updateNotifier from "update-notifier"
+import UpdateNotifier from "simple-update-notifier"
 import { ExecError } from "builder-util/out/util"
 import { build, configureBuildCommand, createYargs } from "../builder"
 import { createSelfSignedCert } from "./create-self-signed-cert"
@@ -73,17 +73,7 @@ function checkIsOutdated() {
       if (it.version === "0.0.0-semantic-release") {
         return
       }
-
-      const packageManager = (await pathExists(path.join(__dirname, "..", "..", "package-lock.json"))) ? "npm" : "yarn"
-
-      const notifier = updateNotifier({ pkg: it })
-      if (notifier.update != null) {
-        notifier.notify({
-          message: `Update available ${chalk.dim(notifier.update.current)}${chalk.reset(" → ")}${chalk.green(notifier.update.latest)} \nRun ${chalk.cyan(
-            `${packageManager} upgrade electron-builder`
-          )} to update`,
-        })
-      }
+      await UpdateNotifier({ pkg: it })
     })
     .catch(e => log.warn({ error: e }, "cannot check updates"))
 }

packages/electron-builder/src/cli/install-app-deps.ts

@@ -37,7 +37,7 @@ export function configureInstallAppDepsCommand(yargs: yargs.Argv): yargs.Argv {
 export async function installAppDeps(args: any) {
   try {
     log.info({ version: PACKAGE_VERSION }, "electron-builder")
-  } catch (e) {
+  } catch (e: any) {
     // error in dev mode without babel
     if (!(e instanceof ReferenceError)) {
       throw e

packages/electron-publish/src/gitHubPublisher.ts

@@ -249,7 +249,7 @@ export class GitHubPublisher extends HttpPublisher {
     for (let i = 0; i < 3; i++) {
       try {
         return await this.githubRequest(`/repos/${this.info.owner}/${this.info.repo}/releases/${release.id}`, this.token, null, "DELETE")
-      } catch (e) {
+      } catch (e: any) {
         if (e instanceof HttpError) {
           if (e.statusCode === 404) {
             log.warn({ releaseId: release.id, reason: "doesn't exist" }, "cannot delete release")

packages/electron-updater/package.json

@@ -23,7 +23,7 @@
     "lazy-val": "^1.0.5",
     "lodash.escaperegexp": "^4.1.2",
     "lodash.isequal": "^4.5.0",
-    "semver": "^7.3.5",
+    "semver": "^7.3.7",
     "typed-emitter": "^2.1.0"
   },
   "devDependencies": {

packages/electron-updater/src/AppImageUpdater.ts

@@ -58,7 +58,7 @@ export class AppImageUpdater extends BaseUpdater {
           }
 
           await new FileWithEmbeddedBlockMapDifferentialDownloader(fileInfo.info, this.httpExecutor, downloadOptions).download()
-        } catch (e) {
+        } catch (e: any) {
           this._logger.error(`Cannot download differentially, fallback to full download: ${e.stack || e}`)
           // during test (developer machine mac) we must throw error
           isDownloadFull = process.platform === "linux"