Skip to content
This repository has been archived by the owner on Jun 7, 2023. It is now read-only.

[Snyk] Security upgrade electron from 7.2.3 to 7.3.0 #2804

Merged
merged 3 commits into from
May 15, 2020
Merged

[Snyk] Security upgrade electron from 7.2.3 to 7.3.0 #2804

merged 3 commits into from
May 15, 2020

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

鉁╓hat is Merge Advice? We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 馃檹

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • src/desktop/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Out-of-bounds Write
SNYK-JS-ELECTRON-568790		 No No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-569042		 No No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-569099		 No No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-569109		 No No Known Exploit
high severity Type Confusion
SNYK-JS-ELECTRON-569113		 No No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-569114		 No No Known Exploit
high severity Improper Validation
SNYK-JS-ELECTRON-569117		 No No Known Exploit
high severity Use After Free
SNYK-JS-ELECTRON-569120		 No No Known Exploit
high severity Buffer Overflow
SNYK-JS-ELECTRON-569122		 No No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

@rajivshah3 rajivshah3 self-assigned this May 15, 2020
@rajivshah3 rajivshah3 added C - Desktop E - Security Epic - Security related L - WIP Lifecycle - Work in Progress labels May 15, 2020
@rajivshah3 rajivshah3 added this to In progress in Trinity via automation May 15, 2020
@rajivshah3 rajivshah3 marked this pull request as draft May 15, 2020 18:48
@rajivshah3 rajivshah3 force-pushed the snyk-fix-023dd7c1e6c2e1cac197b3f85cce89dc branch from 3c63bb0 to 5ffca84 Compare May 15, 2020 19:38
@rajivshah3
chore(desktop): Disable WebSQL
c8809d0 
Electron 7.3.0 introduced WebSQL support but we don't use it, so it can be disabled (it's enabled by default)
@cvarley100 cvarley100 marked this pull request as ready for review May 15, 2020 20:56
Trinity automation moved this from In progress to Reviewer approved May 15, 2020
@cvarley100 cvarley100 merged commit b83963d into develop May 15, 2020
Trinity automation moved this from Reviewer approved to Done May 15, 2020
@rajivshah3 rajivshah3 deleted the snyk-fix-023dd7c1e6c2e1cac197b3f85cce89dc branch May 15, 2020 21:26
@rajivshah3 rajivshah3 removed the L - WIP Lifecycle - Work in Progress label May 15, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@cvarley100 cvarley100 cvarley100 approved these changes

Assignees

@rajivshah3 rajivshah3

Labels
C - Desktop E - Security Epic - Security related
Projects
Trinity
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@snyk-bot @cvarley100 @rajivshah3