[Snyk] Fix for 17 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-PLIST-2405644	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-packager

The new version differs by 250 commits.

• b56ea8a 17.0.0
• 34c3c4e docs: update NEWS.md for v17.0.0
• 21bb953 refactor: migrate from asar to @ electron/asar (#1431)
• 274c686 feat!: upgrade electron-osx-sign to @ electron/osx-sign (#1428)
• c02695f fix: remove ElectronAsarIntegrity when asar is disabled (#1281)
• f6e353a chore: Revert "chore: bump typedoc from 0.19.2 to 0.23.14 (#1416)" (#1420)
• 713d425 fix(types): add "universal" as a valid arch (#1407)
• 18749c7 chore: bump typedoc from 0.19.2 to 0.23.14 (#1416)
• 9124e28 16.0.0
• 88e8173 docs: Update NEWS.md
• 5c0102a fix: properly import info logger (#1405)
• 0d692d7 feat!: upgrade Node.js to 14 LTS (#1399)
• a723fa8 build: bump got to 2.0.0 (#1397)
• 8a86df2 15.5.2
• c7ecd1c docs: update NEWS.md
• 1baed70 chore: remove node 10 job (#1403)
• 7c01d6f revert: "feat!: upgrade Node.js to 14 LTS (#1393)" (#1398)
• b0f27bc fix: ignore node_gyp_bins if it exists (#1391)
• a6db65f chore: bump fs-extra from 9.1.0 to 10.1.0 (#1358)
• 7dcaf44 chore(deps): bump yargs-parser from 20.2.9 to 21.1.1 (#1395)
• c6b4c78 feat!: upgrade Node.js to 14 LTS (#1393)
• e147b5e docs: update SUPPORT.md
• a65eb75 fix: package should not log info on --quiet flag (#1361)
• 4c6c88f chore: bump sinon from 13.0.2 to 14.0.0 (#1364)

See the full diff

Package name: electron-winstaller

The new version differs by 56 commits.

• bad038d feat: force release for 4ac397cd81885d8db442d3499ca46549ff43f7ca
• 4a904c5 build: use newer semantic-release
• 5808567 build: use newer node for semantic release
• 4ade3f2 build: disable macOS CI (Fuck electron/electron-api-demos#441)
• 54352c3 build: migrate from master to main
• 2602432 refactor: migrate from asar to @ electron/asar (Create jekyll.yml electron/electron-api-demos#442)
• aab74eb chore: add semantic commit (无法下载安装包啊  electron/electron-api-demos#440)
• 4ac397c feat!: rename Options to SquirrelConfigOptions (chore: bump lodash.template from 4.4.0 to 4.5.0 electron/electron-api-demos#439)
• 476745f build(deps): bump y18n from 3.2.1 to 3.2.2 (update rgb2hex electron/electron-api-demos#379)
• f68d4f7 chore: temporarily disable linux CI
• 7098d84 fix: run tests on specific docker image
• f03161f feat!: Update to Squirrel.Windows 2.0.1 (stepanakdomain.sk electron/electron-api-demos#369)
• 7aacb15 fix: include swiftshader directory when creating installer for Electron 10+ (Cannot package app using Node >=10.0.0 electron/electron-api-demos#375)
• a524a6c ci: Use brew install --cask to fix macOS CI failures (Increment electron-packager dependency electron/electron-api-demos#376)
• 7b7c271 build(deps): bump lodash from 4.17.15 to 4.17.20
• e8692e0 build(deps): bump npm-user-validate from 1.0.0 to 1.0.1
• 7f6ea86 build(deps): bump node-fetch from 2.6.0 to 2.6.1 ( If there are more versions of the language, it will be good electron/electron-api-demos#359)
• 3958d39 build(deps): bump npm from 6.14.5 to 6.14.6
• e193923 build: replace AppVeyor with CircleCI Windows support (Update Node Version electron/electron-api-demos#343)
• 27b93d1 Merge pull request bump electron devDependencies to 1.8.2 electron/electron-api-demos#349 from electron/dependabot/npm_and_yarn/npm-registry-fetch-4.0.5
• 8d64c35 build(deps): bump npm-registry-fetch from 4.0.4 to 4.0.5
• 18c13d8 chore: upgrade to version 2 of the CFA client (replaces keyboard link with menu link electron/electron-api-demos#346)
• 46c32bf fix: update default iconUrl value since it moved (Updated README.md electron/electron-api-demos#345)
• 32e7364 docs: clarify format/use of iconUrl (update MacOS keyboard shortcut link electron/electron-api-demos#344)

See the full diff

Package name: spectron

The new version differs by 72 commits.

• d2ecadc fix: disable contextIsolation on webframes
• 04f97b5 chore: disable windowByIndex commands
• f60fdbc chore: set fixtures to contentIsolation: false, update deprecation log number
• 86bffe8 chore: upgrade to Electron 12, import @ electron/remote
• f4d097a Merge pull request #783 from AviVahl/replace-request-with-got
• 87a00b7 v13.0.0
• d515796 test(ci): use github actions Linux container (#782)
• 495f7d8 chore(deps): replace "request" with "got"
• 1510a9b Merge pull request #778 from AviVahl/electron-11
• d763b84 chore(deps): electron@11, latest others
• 2bfc7dd Merge pull request #772 from andersk/prepare
• 72ed944 Change prepack script to prepare
• fc4c67e Version 12.0.0
• 89206bf chore: upgrade Electron to v10.0.0 (#713)
• cfeeebe chore: bump standard from 12.0.1 to 14.3.4 (#604)
• 7b8520e chore: bump eslint from 7.3.1 to 7.9.0 (#706)
• 22ee8ed chore: bump @ typescript-eslint/parser from 3.4.0 to 3.10.1 (#690)
• bb2a42c chore: bump @ typescript-eslint/eslint-plugin from 3.4.0 to 4.0.0 (#698)
• 1439291 chore: bump typescript from 3.9.2 to 4.0.3 (#711)
• 1b75bf0 chore: bump webdriverio from 6.1.20 to 6.5.2 (#712)
• cf6d97c Version 11.1.0
• c4fe27e chore: Add prettier and eslint (#633)
• 9fdb353 chore: upgrade webdriverio to 6.1.20 (#631)
• 0e91e2b chore: bump electron from 8.0.0 to 9.0.0 (#611)

See the full diff

Package name: tap

The new version differs by 181 commits.

• 8f2baa7 16.0.0
• 65e599e drop support for node v10
• 84fc6df docs: changelog for v16
• e6acf7b update coveralls documentation to say to install it
• 3c7b3ef document coveralls removal in the cli help output
• 43bf1df undocument synonyms
• 1ff75a4 make coveralls an optional peer dep
• 3f1ae47 Add eslint for linting
• 162c1a8 Support Typescript for --before and --after
• 28d2d03 Fix script on using node-tap with codecov
• 3a0e81c docs: fix broken link
• 1b636b2 Add jsonpath-faster
• c4bdeef fix typo `than` to `that`
• 20fbd40 Update Node.js min version to 10.x in CONTRIBUTING
• 90dda0b update cli doc
• 636ab18 15.2.3
• e609d8f docs: changelog for 15.2
• c182328 [email protected]
• f576a60 docs: setting t.snapshotFile
• d9fa241 [email protected]
• a02f33e update cli doc
• d1500b6 15.2.2
• b784d77 tap-parser@11
• 567384e update cli doc

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 XML External Entity (XXE) Injection
🦉 More lessons are available in Snyk Learn