Update firefox-profile-js dependency because of security warning

[wachunei]

Is this a feature request or a bug?

Dependency request feature because of security warning
saadtazi/firefox-profile-js#112

What is the current behavior?

dependency firefox-profile-js version 2.0.0

What is the expected or desired behavior?

update to version 3.1.0

[rpl]

Note to self: firefox-profile@3.1.0 isn't officially released yet, but there is a firefox-profile@3.1.0-alpha.1 alpha version that has to be tested to provide feedback to the upstream firefox-profile developer (See saadtazi/firefox-profile-js#112 (comment)).

[wachunei]

Hello @rpl, I've opened a Draft PR #2029 with the temporary update, so far all tests are passing, I'm going to report this to firefox-profile maintainer. I just want to ask you if your are certain the test suite is covering this package.

[wachunei]

Handled by #2030

[Rob--W]

Note that firefox-profile-js only uses the zip functionality of archiver: https://github.com/saadtazi/firefox-profile-js/blob/cd63285ffa575637472ff281b0d671d3b36d606a/lib/firefox_profile.js#L455

The security vulnerability is in the tar-stream package, which is presumably used for tar files, not zip files. This security warning is not applicable to firefox-profile-js nor web-ext.

[Rob--W]

Fixed by #2030.