[Snyk] Security upgrade asar from 1.0.0 to 3.0.0 - Githubissues

JsSucks / BetterDiscordApp

Better Discord App enhances Discord desktop app with new features.

MIT License

587 stars 116 forks source link

[Snyk] Security upgrade asar from 1.0.0 to 3.0.0 #372

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept

Commit messages

Package name: asar

The new version differs by 22 commits.

f581511 build: use a newer Node version for releases
f1a29ba feat: require Node 10.12.0 (#191)
0ee4133 chore: remove AppVeyor badge
f9eb91d feat: add TypeScript definition (#190)
c93997d build: replace AppVeyor with CircleCI's Windows support (#189)
170d05d refactor: reduce the usage of anonymous functions (#188)
e49bdc7 fix: use CFA v2
2fa3185 chore: multibyte characters path case use nosort (#179)
709923d Merge pull request #178 from zp1996/master
0c7fcde fix: remove unnecessary arguments
33bd9c6 chore: update CHANGELOG with 2.0.0 and 2.0.1 releases
319dd81 fix: don't monkeypatch fs with promisified versions (#176)
82d78f3 chore: have semantic-release update the CHANGELOG file (#175)
8a03eae feat: drop support for Node < 8 (#170)
22756a7 chore: use the correct version of the CFA module (#174)
be6f4eb build: move macos tests to circleci (#173)
f6ba2ec chore: only use Travis CI for macOS testing (#172)
d758495 chore: fix 'typo' in module name
0ae98ce chore: add CFA support (#171)
b4c18ae Merge pull request #169 from karissa/patch-1
251a3cc Update README for public API move to promises.
955c1f2 Update CHANGELOG between 0.14.0 and 1.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic