[Snyk] Fix for 60 vulnerabilities

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/run-in-electron/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1912075	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1912082	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1924893	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Inappropriate Implementation SNYK-JS-ELECTRON-1924894	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Inappropriate Implementation SNYK-JS-ELECTRON-1924895	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1930826	Yes	No Known Exploit
	794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Use After Free SNYK-JS-ELECTRON-2322001	Yes	Mature
	539/1000 Why? Has a fix available, CVSS 6.5	Domain Spoofing SNYK-JS-ELECTRON-2329155	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2329162	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-2329257	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2330890	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-ELECTRON-2332173	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Control of a Resource Through its Lifetime SNYK-JS-ELECTRON-2332176	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2338684	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-2339883	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Interger Underflow SNYK-JS-ELECTRON-2351961	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2404183	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Check or Handling of Exceptional Conditions SNYK-JS-ELECTRON-2404184	Yes	No Known Exploit
	809/1000 Why? Mature exploit, Has a fix available, CVSS 7.6	Use After Free SNYK-JS-ELECTRON-2414027	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow or Wraparound SNYK-JS-ELECTRON-2420972	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2420994	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-ELECTRON-2422385	Yes	No Known Exploit
	384/1000 Why? Has a fix available, CVSS 3.4	Improper Access Control SNYK-JS-ELECTRON-2431353	Yes	No Known Exploit
	794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Type Confusion SNYK-JS-ELECTRON-2434822	Yes	Mature
	554/1000 Why? Has a fix available, CVSS 6.8	Use After Free SNYK-JS-ELECTRON-2434824	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2774694	Yes	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Type Confusion SNYK-JS-ELECTRON-2803052	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Improper implementation SNYK-JS-ELECTRON-2803053	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Type Confusion SNYK-JS-ELECTRON-2806357	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-2806730	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Inappropriate implementation SNYK-JS-ELECTRON-2807802	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Input Validation SNYK-JS-ELECTRON-2807803	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2807804	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Use After Free SNYK-JS-ELECTRON-2807809	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2808872	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2808873	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Inappropriate implementation SNYK-JS-ELECTRON-2808874	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2812497	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Inappropriate implementation SNYK-JS-ELECTRON-2812499	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2824110	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-2838863	Yes	No Known Exploit
	544/1000 Why? Has a fix available, CVSS 6.6	Improper Input Validation SNYK-JS-ELECTRON-2869408	Yes	No Known Exploit
	489/1000 Why? Has a fix available, CVSS 5.5	Exposure of Resource to Wrong Sphere SNYK-JS-ELECTRON-2869410	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2870632	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-ELECTRON-2932172	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Protection Mechanism Failure SNYK-JS-ELECTRON-2934721	Yes	No Known Exploit
	816/1000 Why? Mature exploit, Has a fix available, CVSS 8.6	Heap-based Buffer Overflow SNYK-JS-ELECTRON-2946881	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-2946891	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ELECTRON-2961655	Yes	No Known Exploit
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-ELECTRON-2977510	Yes	No Known Exploit
	/1000 Why?	Improper Input Validation SNYK-JS-ELECTRON-2977512	Yes	No Known Exploit
	/1000 Why?	Buffer Overflow SNYK-JS-ELECTRON-2978483	Yes	No Known Exploit
	/1000 Why?	Access Control Bypass SNYK-JS-ELECTRON-2978519	Yes	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-JUSTSAFESET-1920917	No	No Known Exploit
	/1000 Why?	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
	/1000 Why?	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
	/1000 Why?	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
	/1000 Why?	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-rebuild

The new version differs by 195 commits.

• 72f21bf feat!: 3.0.0 (fixed minor typo in the example ipfs/js-ipfs#799)
• ceb6ad5 ci: use the Node 16 Docker image for the release job
• e166132 chore: update deps, require Node 12 (Feat/expose ipfs utils ipfs/js-ipfs#784)
• 60d277e build(deps-dev): bump @ types/node from 16.4.11 to 16.4.12
• 695655a build(deps): bump yargs from 17.0.1 to 17.1.0
• f2b982c build(deps): bump tar from 6.1.5 to 6.1.6
• 5f198d9 build(deps-dev): bump @ types/node from 16.4.10 to 16.4.11
• 45174ad Merge pull request feat: no need anymore to append ipfs/Qmhash to webrtc-star multiaddrs ipfs/js-ipfs#792 from electron/dependabot/npm_and_yarn/tar-6.1.5
• b10f9ef build(deps): bump tar from 6.1.4 to 6.1.5
• 00a4da7 build(deps): bump tar from 6.1.3 to 6.1.4
• 3468d48 build(deps-dev): bump @ typescript-eslint/parser from 4.28.5 to 4.29.0
• 9906fcb build(deps-dev): bump @ typescript-eslint/eslint-plugin
• a100d50 build(deps): bump tar from 6.1.2 to 6.1.3
• 991f2a5 build(deps-dev): bump @ types/node from 16.4.7 to 16.4.10
• d883702 build(deps-dev): bump eslint from 7.31.0 to 7.32.0
• 97f03ad build(deps-dev): bump @ types/node from 16.4.6 to 16.4.7
• 19147cc build(deps-dev): bump @ types/node from 16.4.4 to 16.4.6
• a028f8d build(deps-dev): bump @ types/node from 16.4.3 to 16.4.4
• 6e500a2 build(deps-dev): bump @ typescript-eslint/parser from 4.28.4 to 4.28.5
• dfc79cd build(deps-dev): bump @ typescript-eslint/eslint-plugin
• 5a4c46a build(deps): bump tar from 6.1.1 to 6.1.2
• b430f90 build(deps-dev): bump @ types/node from 16.4.1 to 16.4.3
• f9498ec build(deps-dev): bump mocha from 9.0.2 to 9.0.3
• 65b6c58 build(deps-dev): bump @ types/debug from 4.1.6 to 4.1.7

See the full diff

Package name: ipfs

The new version differs by 250 commits.

• 38e78cc chore: release master (chore: release master ipfs/js-ipfs#4099)
• 919b27a chore: update deps
• 4e93dd5 fix: update to latest libp2p interfaces (fix: update to latest libp2p interfaces ipfs/js-ipfs#4111)
• 7165bf7 docs: add upgrade guide for ESM release (docs: add upgrade guide for ESM release ipfs/js-ipfs#4098)
• 74aee8b feat: update to libp2p 0.37.x (feat: update to libp2p 0.37.x ipfs/js-ipfs#4092)
• 361dab6 chore: release master (chore: release master ipfs/js-ipfs#4078)
• 8f7ce23 fix: upgrade dep of ipfs-utils ^9.0.2->^9.0.6 (fix: upgrade dep of ipfs-utils ^9.0.2->^9.0.6 ipfs/js-ipfs#4086)
• c367840 fix: update car dependency for CARv2 read support (fix: update car dependency for CARv2 read support ipfs/js-ipfs#4085)
• e90b8f1 fix: BWOptions.interval accepts number|string (fix: BWOptions.interval accepts number|string ipfs/js-ipfs#4061)
• 6c3cb73 fix: exclude fs from bundle (fix: exclude fs from bundle ipfs/js-ipfs#4076)
• 1a73160 fix(rmlink): fix rmlink to match docs (fix(rmlink): fix rmlink to match docs ipfs/js-ipfs#4073)
• c51b160 chore: release master (chore: release master ipfs/js-ipfs#4057)
• df1bd1b fix: add deps used in ipfs-core-types (fix: add deps used in ipfs-core-types ipfs/js-ipfs#4058)
• 125d42b fix: missing files on publish (fix: missing files on publish ipfs/js-ipfs#4056)
• 1082fce chore: fix links to config defaults (chore: fix links to config defaults ipfs/js-ipfs#4049)
• e7f8531 chore: release master (chore: release master ipfs/js-ipfs#4041)
• 709831f fix: override hashing algorithm when importing files (fix: override hashing algorithm when importing files ipfs/js-ipfs#4042)
• 383dc07 chore: fix broken links and help text (chore: fix broken links and help text ipfs/js-ipfs#4043)
• 3a74c11 docs: fixed link to examples (docs: fixed link to js-ipfs-examples ipfs/js-ipfs#4037)
• 596b1f4 fix(dag): replace custom dag walk with multiformats/traversal (fix(dag): replace custom dag walk with multiformats/traversal ipfs/js-ipfs#3950)
• 2c8ec08 chore: re-enable examples (chore: re-enable examples ipfs/js-ipfs#4036)
• 8d26021 chore: re-enable build
• b01b06b chore: release master (chore: release master ipfs/js-ipfs#4034)
• cca6e32 chore: override last release

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Open Redirect
🦉 Prototype Pollution