Expensify / App

Welcome to New Expensify: a complete re-imagination of financial collaboration, centered around chat. Help us build the next generation of Expensify by sharing feedback and contributing to the code.
https://new.expensify.com
MIT License

[Snyk] Upgrade electron-updater from 6.1.9 to 6.2.1 #38894

Closed melvin-bot[bot] closed 7 months ago

melvin-bot[bot] commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade electron-updater from 6.1.9 to 6.2.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **2 versions** ahead of your current version.
- The recommended version was released **22 days ago**, on 2024-03-03.

Release notes
Package name: electron-updater
  • 6.2.1 - 2024-03-03
  • 6.2.0 - 2024-03-02
  • 6.1.9 - 2024-02-17
from electron-updater GitHub release notes

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:
- 🧐 [View latest project report](https://app.snyk.io/org/expensify/project/9be44749-775a-47a6-be6b-781145c25b98?utm_source=github&utm_medium=referral&page=upgrade-pr)
- 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/expensify/project/9be44749-775a-47a6-be6b-781145c25b98/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
- 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/expensify/project/9be44749-775a-47a6-be6b-781145c25b98/settings/integration?pkg=electron-updater&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)

Upwork Automation - Do Not Edit
  • Upwork Job URL: https://www.upwork.com/jobs/~01f34770e9a178d140
  • Upwork Job ID: 1771956745599815680
  • Last Price Increase: 2024-03-24

melvin-bot[bot] commented 7 months ago

This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically creates PRs to fix these vulnerabilities.

    C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
    - [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
    - [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
    - [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
    - [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.

melvin-bot[bot] commented 7 months ago

Job added to Upwork: https://www.upwork.com/jobs/~01f34770e9a178d140

melvin-bot[bot] commented 7 months ago

Triggered auto assignment to Contributor Plus for review of internal employee PR - @jjcoffee (Internal)

jjcoffee commented 7 months ago

Linked PR is closed, we can close this issue. (Not sure if automation is broken for these?)

:ribbon::eyes::ribbon: C+ reviewed

melvin-bot[bot] commented 7 months ago

Triggered auto assignment to @NikkiWines, see https://stackoverflow.com/c/expensify/questions/7972 for more details.

NikkiWines commented 7 months ago

Yeah, looks like this didn't auto-close due to the missing issue link in the PR but this is fine to close out. Thanks for catching that @jjcoffee 🙇