Open melvin-bot[bot] opened 3 months ago
This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically create PRs to fix these vulnerabilities.
C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
- [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
- [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
- [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
- [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.
Job added to Upwork: https://www.upwork.com/jobs/~01296c6603adc4c5ac
Triggered auto assignment to Contributor Plus for review of internal employee PR - @alitoshmatov (Internal
)
This issue has not been updated in over 15 days. @alitoshmatov eroding to Monthly issue.
P.S. Is everyone reading this sure this is really a near-term priority? Be brave: if you disagree, go ahead and close it out. If someone disagrees, they'll reopen it, and if they don't: one less thing to do!
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json⚠️ Warning
``` Failed to update the package-lock.json, please update manually before merging. ```[SNYK-JS-ELECTRON-6515649](https://snyk.io/vuln/SNYK-JS-ELECTRON-6515649) | No | No Known Exploit ![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | Use After Free
[SNYK-JS-ELECTRON-6515650](https://snyk.io/vuln/SNYK-JS-ELECTRON-6515650) | No | No Known Exploit ![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | Type Confusion
[SNYK-JS-ELECTRON-6515651](https://snyk.io/vuln/SNYK-JS-ELECTRON-6515651) | No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | Use After Free
[SNYK-JS-ELECTRON-6515652](https://snyk.io/vuln/SNYK-JS-ELECTRON-6515652) | No | No Known Exploit Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information:
Upwork Automation - Do Not Edit