fix(deps): update dependency cross-spawn to v7.0.5 [security] #8693
🦋 Changeset detected
Latest commit: ba3dd8a
The changes in this PR will be included in the next version bump.
This PR includes changesets to release 10 packages
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above.
## 26.0.0

### Major Changes

- [#8782](#8782) [`633490cb`](633490c) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: removing conditional logic that would build HFS+ dmg on non-arm64 macs as HFS+ was sunset in macos 15.2
- [#8582](#8582) [`6a9597b4`](6a9597b) Thanks [@mmaietta](https://github.com/mmaietta)! - chore: remove deprecated fields from `winOptions` and `macOptions`. (For `winOptions` signing configuration, it has been moved to `win.signtoolOptions` in order to support `azureOptions` as a separate field and avoid bloating `win` configuration object. For `macOptions`, notarize options has been deprecated in favor of env vars for quite some time. Env vars are much more secure)
- [#8572](#8572) [`0dbe357a`](0dbe357) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: allowing additional entries in .desktop file, such as `[Desktop Actions <actionName>]`. Requires changing configuration `desktop` property to object to be more extensible in the future
- [#8562](#8562) [`b8185d48`](b8185d4) Thanks [@beyondkmp](https://github.com/beyondkmp)! - support including node_modules in other subdirectories

### Minor Changes

- [#8787](#8787) [`cdf18d9a`](cdf18d9) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: add `pwsh` detection to enable azure trusted signing within docker image
- [#8711](#8711) [`6f0fb8e4`](6f0fb8e) Thanks [@hrueger](https://github.com/hrueger)! - Add `host` property to support self-hosted Keygen instances
- [#8636](#8636) [`88cc0b06`](88cc0b0) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: add support for AppArmor with template profile and configuration property
- [#8609](#8609) [`d672b04b`](d672b04) Thanks [@iongion](https://github.com/iongion)! - feat: support completely custom AppxManifest.xml
- [#8607](#8607) [`f123628c`](f123628) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: allow disabling of building a universal windows installer
- [#8588](#8588) [`8434e10d`](8434e10) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: adding integration with @electron/fuses
- [#8570](#8570) [`c8484305`](c848430) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: migrate to official `electron/asar` packaging
- [#8525](#8525) [`13f55a3e`](13f55a3) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: migrate `electronDist` to be an electron-builder `Hook`
- [#8394](#8394) [`ae9221d9`](ae9221d) Thanks [@xyloflake](https://github.com/xyloflake)! - feat: Implement autoupdates for pacman
- [#8741](#8741) [`eacbbf59`](eacbbf5) Thanks [@0xlau](https://github.com/0xlau)! - Add `forcePathStyle` option to S3Options

### Patch Changes

- [#8575](#8575) [`dfa35c32`](dfa35c3) Thanks [@doctolivier](https://github.com/doctolivier)! - chore(deps): update @electron/rebuild to v3.7.0
- [#8576](#8576) [`3eab7143`](3eab714) Thanks [@beyondkmp](https://github.com/beyondkmp)! - fix: packages in the workspace not being under node_modules
- [#8577](#8577) [`e9eef0c1`](e9eef0c) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: add additional default exclusions to copy logic
- [#8596](#8596) [`e0b0e351`](e0b0e35) Thanks [@mmaietta](https://github.com/mmaietta)! - chore: refactor files for publishing to electron-publish
- [#8601](#8601) [`215fc36b`](215fc36) Thanks [@mmaietta](https://github.com/mmaietta)! - Revert "fix(win): use appInfo description as primary entry for FileDescription" to resolve [#8599](#8599)
- [#8603](#8603) [`712a8bce`](712a8bc) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: checking relative path without separator as that doesn't work on Windows
- [#8604](#8604) [`d4ea0d99`](d4ea0d9) Thanks [@beyondkmp](https://github.com/beyondkmp)! - chore(deps): update app-builder-bin to 5.0.0-alpha.11
- [#8606](#8606) [`a0e635c1`](a0e635c) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: add quotes to surround file path during azure signing to handle files with spaces
- [#8627](#8627) [`2a3195d9`](2a3195d) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: add rfc3161 timestamp entry as default for azure signing to resolve Windows Defender alert
- [#8631](#8631) [`dcd91a1f`](dcd91a1) Thanks [@olivereisenhut](https://github.com/olivereisenhut)! - fix: Remove path from published binaries
- [#8632](#8632) [`645e2abd`](645e2ab) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: only sign concurrently when using local signtool. azure can't be in parallel due to resources being locked during usage
- [#8637](#8637) [`667ab2f8`](667ab2f) Thanks [@mmaietta](https://github.com/mmaietta)! - chore: migrate default recommends and default depends for fpm from app-builder-bin to JS code
- [#8645](#8645) [`f4d40f91`](f4d40f9) Thanks [@beyondkmp](https://github.com/beyondkmp)! - fix: smart unpack for local module with dll
- [#8653](#8653) [`796e1a07`](796e1a0) Thanks [@IsaacAderogba](https://github.com/IsaacAderogba)! - fix: cscIKeyPassword must support empty string arguments
- [#8654](#8654) [`9e11358f`](9e11358) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: check ResolvedFileSet src when verifying symlinks to be within project directory
- [#8661](#8661) [`6a294c97`](6a294c9) Thanks [@t3chguy](https://github.com/t3chguy)! - chore: remove stale handler for `extend-info` in electronMac plist creation
- [#8689](#8689) [`1d7f87c1`](1d7f87c) Thanks [@Lemonexe](https://github.com/Lemonexe)! - fix(win): corrupt asar integrity file path on crossplatform build
- [#8693](#8693) [`6a6bed46`](6a6bed4) Thanks [@renovate](https://github.com/apps/renovate)! - fix(deps): update dependency cross-spawn to v7.0.5 [security]
- [#8714](#8714) [`66334502`](6633450) Thanks [@kttmv](https://github.com/kttmv)! - chore: Remove informal Russian messages in the NSIS installer
- [#8715](#8715) [`4c394d54`](4c394d5) Thanks [@beyondkmp](https://github.com/beyondkmp)! - fix: does not work with NPM workspaces
- [#8717](#8717) [`9381513d`](9381513) Thanks [@beyondkmp](https://github.com/beyondkmp)! - fix(deps): update dependency eslint to v9.16.0 [security]
- [#8783](#8783) [`a5558e33`](a5558e3) Thanks [@mmaietta](https://github.com/mmaietta)! - chore(deps): upgrade cross spawn 7.0.6
- [#8805](#8805) [`c6d6b6e5`](c6d6b6e) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: ASAR files in extraResources are not included in integrity calculations
- [`a1ee0419`](a1ee041) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: use FileCopier for copying files and queue creation of symlinks

## electron-updater 6.4.0

### Minor Changes

- [#8711](#8711) [`6f0fb8e4`](6f0fb8e) Thanks [@hrueger](https://github.com/hrueger)! - Add `host` property to support self-hosted Keygen instances
- [#8633](#8633) [`96f5c3eb`](96f5c3e) Thanks [@mmaietta](https://github.com/mmaietta)! - feat(updater): allow usage of `autoRunAppAfterInstall` on mac updater
- [#8394](#8394) [`ae9221d9`](ae9221d) Thanks [@xyloflake](https://github.com/xyloflake)! - feat: Implement autoupdates for pacman

### Patch Changes

- [#8802](#8802) [`4a68fd2d`](4a68fd2) Thanks [@erijo](https://github.com/erijo)! - fix(linux): AppImage update fails when filename contains spaces
- [#8623](#8623) [`cfa67c01`](cfa67c0) Thanks [@DamonYu6](https://github.com/DamonYu6)! - fix: copyFileSync operation will block the main thread
- [#8695](#8695) [`819eff7b`](819eff7) Thanks [@peter-sanderson](https://github.com/peter-sanderson)! - fix: respect `disableDifferentialDownload` flag for AppImage

This PR contains the following updates:
7.0.3 -> 7.0.5
GitHub Vulnerability Alerts
CVE-2024-21538
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
Release Notes
moxystudio/node-cross-spawn (cross-spawn)
v7.0.5
Compare Source
v7.0.4
Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
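
The advisory quoted in this PR affects every cross-spawn release before 7.0.5, and a direct bump can leave older copies nested under other packages. The following is an added example, not part of this PR or of Renovate's output: it walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2/3, an assumption; other package managers use different lockfile formats) and reports every cross-spawn copy below the fixed version. The sample lockfile and the helper names are constructed for illustration.

```javascript
// Added example: flag cross-spawn copies older than the fixed release in an
// npm lockfile's "packages" map. SAMPLE_LOCK is constructed, not from the PR.
const FIXED = "7.0.5"; // from the advisory text: versions before 7.0.5 are affected

// Parse "major.minor.patch[-prerelease]"; null when the string is not semver-like.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when `version` sorts before `fixed`. Unparseable input fails closed (flagged).
function isBefore(version, fixed) {
  const a = parseVersion(version);
  const b = parseVersion(fixed);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre; // e.g. 7.0.5-rc.1 precedes 7.0.5
}

// Check every installed copy, including ones nested under other packages.
function findVulnerableCrossSpawn(lock, fixed = FIXED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (meta.link) continue; // workspace symlink entries carry no version
    const name = path.split("node_modules/").pop(); // last path segment = package name
    if (name === "cross-spawn" && isBefore(meta.version, fixed)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed lockfile: one patched top-level copy, two stale nested copies,
// and a scoped package whose name merely ends in "cross-spawn".
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/cross-spawn": { version: "7.0.5" },
    "node_modules/execa/node_modules/cross-spawn": { version: "7.0.3" },
    "node_modules/legacy-tool/node_modules/cross-spawn": { version: "6.0.5" },
    "node_modules/@scope/cross-spawn": { version: "1.0.0" },
  },
};

for (const hit of findVulnerableCrossSpawn(SAMPLE_LOCK)) {
  console.log(`${hit.path}: ${hit.version} is before ${FIXED}`);
}
```
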