socket-security[bot]
commented
1 year ago Socket Security Pull Request Report
Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.
π΅βπ« Bin script confusion
This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack
Consider removing one of the conflicting packages. Packages should only export bin scripts with their name
| Package | Bin script | Source |
|---|---|---|
| @electron/osx-sign@1.0.4 (added) | electron-osx-flat |
package.json via electron-packager@17.1.1 |
| electron-osx-sign@0.6.0 (upgraded) | electron-osx-flat |
package.json |
| @electron/osx-sign@1.0.4 (added) | electron-osx-sign |
package.json via electron-packager@17.1.1 |
| electron-osx-sign@0.6.0 (upgraded) | electron-osx-sign |
package.json |
Pull request report summary
| Issue | Status |
|---|---|
| Install scripts | β 0 issues |
| Native code | β 0 issues |
| Bin script confusion | β οΈ 4 issues |
| Bin script shell injection | β 0 issues |
| Unresolved require | β 0 issues |
| Invalid package.json | β 0 issues |
| HTTP dependency | β 0 issues |
| Git dependency | β 0 issues |
| Potential typo squat | β 0 issues |
| Known Malware | β 0 issues |
| Telemetry | β 0 issues |
| Protestware/Troll package | β 0 issues |
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2
@SocketSecurity ignore @electron/osx-sign@1.0.4@SocketSecurity ignore electron-osx-sign@0.6.0
Powered by socket.dev
github-actions[bot]
renovate[bot]
This PR contains the following updates:
15.5.2->17.1.1Release Notes
electron/electron-packager
### [`v17.1.1`](https://togithub.com/electron/electron-packager/releases/tag/v17.1.1) [Compare Source](https://togithub.com/electron/electron-packager/compare/v17.1.0...v17.1.1) #### What's Changed - fix: allow packaging twice simultaneously by [@MarshallOfSound](https://togithub.com/MarshallOfSound) in [https://github.com/electron/electron-packager/pull/1439](https://togithub.com/electron/electron-packager/pull/1439) **Full Changelog**: https://github.com/electron/electron-packager/compare/v17.1.0...v17.1.1 ### [`v17.1.0`](https://togithub.com/electron/electron-packager/releases/tag/v17.1.0) [Compare Source](https://togithub.com/electron/electron-packager/compare/v17.0.0...v17.1.0) #### What's Changed - refactor: migrate from electron-notarize to [@electron/notarize](https://togithub.com/electron/notarize) by [@MarshallOfSound](https://togithub.com/MarshallOfSound) in [https://github.com/electron/electron-packager/pull/1433](https://togithub.com/electron/electron-packager/pull/1433) - feat: New lifecycle hooks: afterAsar, afterComplete, afterCopyExtraResources, beforeAsar, beforeCopy, beforeCopyExtraResources by [@erikian](https://togithub.com/erikian) in [https://github.com/electron/electron-packager/pull/1297](https://togithub.com/electron/electron-packager/pull/1297) - feat: add new afterFinalizePackageTargets hook by [@MarshallOfSound](https://togithub.com/MarshallOfSound) in [https://github.com/electron/electron-packager/pull/1437](https://togithub.com/electron/electron-packager/pull/1437) #### New Contributors - [@erikian](https://togithub.com/erikian) made their first contribution in [https://github.com/electron/electron-packager/pull/1297](https://togithub.com/electron/electron-packager/pull/1297) **Full Changelog**: https://github.com/electron/electron-packager/compare/v17.0.0...v17.1.0 ### [`v17.0.0`](https://togithub.com/electron/electron-packager/releases/tag/v17.0.0): 17.0.0 [Compare Source](https://togithub.com/electron/electron-packager/compare/v16.0.0...v17.0.0) ##### Changed - **BREAKING:** Replaced `electron-osx-sign` with `@electron/osx-sign`. The accepted properties on the `osxSign` options object are now slightly different. Please see the [migration guide](https://togithub.com/electron/osx-sign/blob/main/MIGRATION.md) for more information on these changes. ([#1428](https://togithub.com/electron/electron-packager/issues/1428)) - Replaced `asar` with `@electron/asar`. The configuration options are unchanged. This migration is purely cosmetic. ([#1431](https://togithub.com/electron/electron-packager/issues/1431)) ### [`v16.0.0`](https://togithub.com/electron/electron-packager/releases/tag/v16.0.0): 16.0.0 [Compare Source](https://togithub.com/electron/electron-packager/compare/v15.5.2...v16.0.0) [16.0.0]: https://togithub.com/electron/electron-packager/compare/v15.5.1...v16.0.0 ##### Fixed - Properly import info logger ([#1405](https://togithub.com/electron/electron-packager/issues/1405)) ##### Added - Node 16 & 18 support ([#1399](https://togithub.com/electron/electron-packager/issues/1399)) ##### Changed - Bump `got` to 2.0.0 ([#1397](https://togithub.com/electron/electron-packager/issues/1397)) ##### Removed - Node 12 support ([#1399](https://togithub.com/electron/electron-packager/issues/1399))Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.