finos / FDC3-Sail

Open implementation of the FDC3 standard using Electron and an integrated App Directory.
Apache License 2.0

rolled back electron builder version #122

Closed nkolba closed 1 year ago

nkolba commented 1 year ago

minimatch ReDoS vulnerability in v23.6.0 of electron-builder

See issue here: https://github.com/electron-userland/electron-builder/issues/7206

This change removes high severity vulnerabilities but introduces some moderate ones.

Note: these are all in the electron-builder dependency chain - which is a dev, not runtime, dependency.

sebbenmbarek commented 1 year ago

@nkolba Do we still want to revert to electron-builder: ^22.10.3, or can we upgrade to 24.0.0-alpha.8? They fixed the dependency issue in that version. Or do we prefer to stick to "stable" versions?

nkolba commented 1 year ago

No. Really, just wanted to document the issue.

nkolba commented 1 year ago

Closing - new PR with electron upgrade and electron builder upgrade gets rid of the issue.