[Snyk] Upgrade electron from 7.2.4 to 7.3.3 #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade electron from 7.2.4 to 7.3.3. See this package in npm: https://www.npmjs.com/package/electron See this project in Snyk: https://app.snyk.io/org/dumie505/project/f902521f-dbd6-4d15-a4a0-882b0b232295?utm_source=github&utm_medium=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade electron from 7.2.4 to 7.3.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-ELECTRON-608662
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-598894
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-570833
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-569122
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-569120
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-569117
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-569114
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-569113
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-569109
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-569099
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-569042
Why? Has a fix available, CVSS 8.8
SNYK-JS-ELECTRON-568790
Why? Has a fix available, CVSS 8.8
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: electron
-
7.3.3 - 2020-08-25
- Backported fixe for UAF in extensions (NOCVE). #24420
- Fix: DCHECK failure in value.IsHeapObject() in objectsdebug.cc. (Chromium security issue 1084820). #24564
- Fix: XSS on chrome://histograms/ with a compromised renderer. (Chromium security issue 1073409). #24627
- Fix: heap-use-after-free in content::NavigationRequest::OnWillProcessResponseProcessed. (Chromium security issue 1090543). #24567
- Fix: heap-use-after-free in ui::AXTreeSerializerblink (Chromium security issue 1065122). #24555
- Fix: memcpy-param-overlap in AudioBuffer::copyFromChannel. (Chromium security issue 1081722). #24584
- Fix: remove leaks of post-redirect URL for
- Fix: update webrtc root certificate. (Chromium security issue 978779). #24619
- Fix: use-of-uninitialized-value in amr_read_header. (Chromium security issue 1065731). #24596
- Fix: usrsctp is called with pointer as network address. (Chromium security issue 1076703). #24561
- Backported the fix to CVE-2020-6532: Use after free in SCTP. #24894
- Security: Backported fix for CVE-2020-6541. #25026
-
7.3.2 - 2020-06-24
-
7.3.1 - 2020-06-01
-
7.3.0 - 2020-05-15
-
7.2.4 - 2020-04-29
from electron GitHub release notesRelease Notes for v7.3.3
Fixes
<script>in the CSP reports and stacktraces of errors (Chromium security issue 1074317). #24558Other Changes
End of Support for 7.x.y
Electron 7.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs