Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.
[697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)
[697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)
This release has been long overdue and this plugin has been in the RC state for way too long, sorry for the delay. Anyways, better late than never, so here it is! If you were running the latest RC previously, there aren't any breaking changes or required migration steps. Thank you to all my supporters who have funded this project and made this release possible :heart::heart:!!
Breaking Changes from v1.x
The testWithSpectron function requires you pass the spectron module as it's first arg, allowing you to specify the version of spectron to be used. You will need to install spectron as a devDependency
Jest tests must be run with testEnvironment set to node, see the examples for more details
Run (yarn add | npm install) -D vue-cli-plugin-electron-builder@latest to install the 2.0 version of the plugin.
In your background.(js|ts), replace nodeIntegration:true with:
// Use pluginOptions.nodeIntegration, leave this alone
// See nklayman.github.io/vue-cli-plugin-electron-builder/guide/security.html#node-integration for more info
nodeIntegration: process.env.ELECTRON_NODE_INTEGRATION
If your app requires nodeIntegration, enable it in vue.config.js:
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/msaltnet/T.Viewer/network/alerts).
Bumps tough-cookie to 4.1.3 and updates ancestor dependencies tough-cookie, @vue/cli-shared-utils, @vue/cli-plugin-unit-jest and vue-cli-plugin-electron-builder. These dependencies need to be updated together.
Updates
tough-cookie
from 2.4.3 to 4.1.3Release notes
Sourced from tough-cookie's releases.
... (truncated)
Commits
4ff4d29
4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)12d4747
Prevent prototype pollution in cookie memstore (#283)f06b72d
Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...b1a8898
fix: allow set cookies with localhost (#253)ec70796
4.1.1 Patch -- allow special use domains by default (#250)d4ac580
fix: allow special use domains by default (#249)79c2f7d
4.1.0 release to NPM (#245)4fafc17
Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...aa4396d
fix: distinguish between no samesite and samesite=none (#240)b8d7511
Modernize README (#234)Maintainer changes
This version was pushed to npm by awaterma, a new releaser for tough-cookie since your current version.
Updates
@vue/cli-shared-utils
from 4.0.4 to 5.0.8Release notes
Sourced from
@vue/cli-shared-utils
's releases.... (truncated)
Changelog
Sourced from
@vue/cli-shared-utils
's changelog.... (truncated)
Commits
b154dbd
v5.0.84a0655f
v5.0.7ef08a08
v5.0.698c66c9
v5.0.500fd2b6
chore: update the@achrinza/node-ipc
to support Node.js 18940e436
fix: update@achrinza/node-ipc
to support non-LTS Node.js versionsca97fc2
v5.0.475826d6
fix: replacenode-ipc
with@achrinza/node-ipc
to further secure the depen...dd53f26
v5.0.3a859b1f
v5.0.2Updates
@vue/cli-plugin-unit-jest
from 4.0.5 to 5.0.8Release notes
Sourced from
@vue/cli-plugin-unit-jest
's releases.... (truncated)
Changelog
Sourced from
@vue/cli-plugin-unit-jest
's changelog.... (truncated)
Commits
b154dbd
v5.0.84a0655f
v5.0.7ef08a08
v5.0.698c66c9
v5.0.5ca97fc2
v5.0.4dd53f26
v5.0.3a859b1f
v5.0.292d80a8
v5.0.1c913cdc
v5.0.09be19f0
test: fix tsx importUpdates
vue-cli-plugin-electron-builder
from 1.4.0 to 2.1.1Release notes
Sourced from vue-cli-plugin-electron-builder's releases.
... (truncated)
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/msaltnet/T.Viewer/network/alerts).