[Snyk] Fix for 169 vulnerabilities

[j-sp4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/react-devtools/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1021884	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1041745	Yes	Mature
	Improper Validation SNYK-JS-ELECTRON-1047306	Yes	Mature
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1048693	Yes	No Known Exploit
	Improper Access Control SNYK-JS-ELECTRON-1049321	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1049323	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1049547	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1050424	Yes	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-1050427	Yes	No Known Exploit
	Insufficient Validation SNYK-JS-ELECTRON-1050882	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1050999	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-ELECTRON-1051000	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1064555	Yes	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-1064558	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1064561	Yes	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-1065981	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1070013	Yes	No Known Exploit
	Insufficient Validation SNYK-JS-ELECTRON-1070014	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1070015	Yes	No Known Exploit
	Heap Buffer Overflow SNYK-JS-ELECTRON-1085647	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1085705	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1085994	Yes	No Known Exploit
	Out-of-Bounds SNYK-JS-ELECTRON-1085996	Yes	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-1085998	Yes	No Known Exploit
	Out-of-Bounds SNYK-JS-ELECTRON-1086693	Yes	No Known Exploit
	Access Restriction Bypass SNYK-JS-ELECTRON-1086694	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1086695	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1087442	Yes	No Known Exploit
	Out-of-bounds Write SNYK-JS-ELECTRON-1088600	Yes	Mature
	Insecure Defaults SNYK-JS-ELECTRON-1088602	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1252279	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1252280	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1253279	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1253281	Yes	No Known Exploit
	Out-of-bounds SNYK-JS-ELECTRON-1257943	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1258207	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1259349	Yes	No Known Exploit
	Integer Overflow or Wraparound SNYK-JS-ELECTRON-1260586	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-ELECTRON-1261111	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1277203	Yes	No Known Exploit
	Integer Overflow SNYK-JS-ELECTRON-1277205	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1277526	Yes	No Known Exploit
	Out Of Bounds Read SNYK-JS-ELECTRON-1278596	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296553	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296555	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1296557	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-1296559	Yes	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-1296561	Yes	No Known Exploit
	Race Condition SNYK-JS-ELECTRON-1296563	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296565	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1312313	Yes	No Known Exploit
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-ELECTRON-1312314	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1312315	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1313765	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1313767	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1314896	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1315151	Yes	No Known Exploit
	Out-of-bounds Write SNYK-JS-ELECTRON-1315668	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1533614	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1534881	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1534882	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-1534883	Yes	Mature
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1534884	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1536579	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1536581	Yes	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-1536587	Yes	No Known Exploit
	Out-of-Bounds SNYK-JS-ELECTRON-1585619	Yes	Mature
	Type Confusion SNYK-JS-ELECTRON-1586050	Yes	No Known Exploit
	Buffer Overflow SNYK-JS-ELECTRON-1656742	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1656743	Yes	Mature
	Out-of-Bounds SNYK-JS-ELECTRON-1656745	Yes	No Known Exploit
	Access Restriction Bypass SNYK-JS-ELECTRON-1656746	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-1656752	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1727342	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1727344	Yes	Mature
	Sandbox Bypass SNYK-JS-ELECTRON-1731315	Yes	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-1910985	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1910987	Yes	No Known Exploit
	Exposure of Resource to Wrong Sphere SNYK-JS-ELECTRON-1910988	Yes	No Known Exploit
	Improper Access Control SNYK-JS-ELECTRON-1910991	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-1911949	Yes	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-1912074	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1912075	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1912082	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1912084	Yes	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-1912085	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1924893	Yes	No Known Exploit
	Inappropriate Implementation SNYK-JS-ELECTRON-1924894	Yes	No Known Exploit
	Inappropriate Implementation SNYK-JS-ELECTRON-1924895	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-1930826	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2322001	Yes	Mature
	Domain Spoofing SNYK-JS-ELECTRON-2329155	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2329162	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-2329257	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2330890	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-2332173	Yes	No Known Exploit
	Improper Control of a Resource Through its Lifetime SNYK-JS-ELECTRON-2332176	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2338684	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-2339883	Yes	No Known Exploit
	Interger Underflow SNYK-JS-ELECTRON-2351961	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2404183	Yes	No Known Exploit
	Improper Check or Handling of Exceptional Conditions SNYK-JS-ELECTRON-2404184	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2414027	Yes	Mature
	Integer Overflow or Wraparound SNYK-JS-ELECTRON-2420972	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2420994	Yes	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-2422385	Yes	No Known Exploit
	Improper Access Control SNYK-JS-ELECTRON-2431353	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-2434822	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-2434824	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2774694	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-2803052	Yes	No Known Exploit
	Improper implementation SNYK-JS-ELECTRON-2803053	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-2805803	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-2805927	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-2806357	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-2806730	Yes	No Known Exploit
	Inappropriate implementation SNYK-JS-ELECTRON-2807802	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-2807803	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2807804	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2807809	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2808872	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2808873	Yes	No Known Exploit
	Inappropriate implementation SNYK-JS-ELECTRON-2808874	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2812497	Yes	No Known Exploit
	Inappropriate implementation SNYK-JS-ELECTRON-2812499	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2824110	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-2838863	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-2869408	Yes	No Known Exploit
	Exposure of Resource to Wrong Sphere SNYK-JS-ELECTRON-2869410	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2870632	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-2932172	Yes	No Known Exploit
	Protection Mechanism Failure SNYK-JS-ELECTRON-2934721	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-2946881	Yes	Mature
	Type Confusion SNYK-JS-ELECTRON-2946891	Yes	No Known Exploit
	Denial of Service (DoS) SNYK-JS-ELECTRON-2961655	Yes	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-2977510	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-2977512	Yes	No Known Exploit
	Buffer Overflow SNYK-JS-ELECTRON-2978483	Yes	No Known Exploit
	Access Control Bypass SNYK-JS-ELECTRON-2978519	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2992453	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2992478	Yes	No Known Exploit
	Improper Authentication SNYK-JS-ELECTRON-2992482	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-2994414	Yes	No Known Exploit
	Denial of Service (DoS) SNYK-JS-ELECTRON-3014402	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-3014405	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-3014407	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-3014409	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-3014411	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-564272	Yes	No Known Exploit
	Heap Overflow SNYK-JS-ELECTRON-565051	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-ELECTRON-565052	Yes	No Known Exploit
	Improper Access Control SNYK-JS-ELECTRON-565362	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565366	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565368	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565441	Yes	No Known Exploit
	Buffer Underflow SNYK-JS-ELECTRON-565488	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565490	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565494	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565571	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565705	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565709	Yes	No Known Exploit
	Site Isolation Bypass SNYK-JS-ELECTRON-565713	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-570624	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-570833	Yes	Proof of Concept
	Arbitrary File Read SNYK-JS-ELECTRON-575393	Yes	No Known Exploit
	Privilege Escalation SNYK-JS-ELECTRON-575394	Yes	No Known Exploit
	Privilege Escalation SNYK-JS-ELECTRON-575395	Yes	No Known Exploit
	Privilege Escalation SNYK-JS-ELECTRON-575396	Yes	No Known Exploit
	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit

Commit messages

Package name: update-notifier

The new version differs by 42 commits.

• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM
• 3fdb218 5.1.0
• 73c391b Upgrade dependencies
• 0a6027e Move to GitHub Actions
• d8fa601 Rename `master` branch to `main`
• f63b2eb 5.0.1
• 9e2b772 Update dependencies
• da7c464 5.0.0
• 5b440c2 Require Node.js 10
• 3dfe42d Don't suggest to upgrade to lower version (Add invariant to make sure we pass a node to componentDidMount facebook/react#192)
• 132b7ce Remove a project from "Users" section (Firefox: div contentEditable triggers "TypeError: setting a property that has only a getter" facebook/react#191)
• c9d2166 4.1.1
• f42fc8f Improve vertical alignment of the notifier output (Parsing error for HTML entity in nested JSX. facebook/react#183)
• 71a3f19 Use HTTPS links
• 64c5236 Fix Travis
• 9d9f4ff 4.1.0
• 4062f12 Update dependencies
• adbeb6e Add template support for the `message` option (setState (and others) parameters format facebook/react#175)
• adf7803 4.0.0
• fb5161c Remove the `callback` option (Support for <{'Module'} {'key'}={'value'}> facebook/react#158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest (Pass rootNode for componentWillUnmount facebook/react#174)
• ccaf686 Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Arbitrary File Read
🦉 Site Isolation Bypass
🦉 More lessons are available in Snyk Learn