[Snyk] Fix for 1 vulnerabilities

[Jeremip11]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • script/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-chromedriver

The new version differs by 49 commits.

• 3807adb Merge pull request [Snyk] Security upgrade npm from 5.10.0 to 6.6.0 #62 from electron/9-x-y
• 5a726b8 v9.0.0
• 3d0e75f fix: install npm_config_platform=win32 ([Snyk] Security upgrade stylelint from 9.10.1 to 13.7.0 #61)
• ab6cd41 Merge pull request [Snyk] Security upgrade npm from 5.10.0 to 6.0.0 #59 from erickzhao/chore/migrate-get
• b244950 chore: force node 10.12
• 1e4599b chore: upgrade extract-zip to v2.0.0
• 3c22216 refactor: migrate to @ electron/get
• d25a3ac Merge pull request [Snyk] Security upgrade electron-packager from 7.3.0 to 13.0.0 #57 from electron/dependabot/npm_and_yarn/acorn-6.4.1
• 2a0b450 Bump acorn from 6.2.1 to 6.4.1
• 0e494e4 Merge pull request [Snyk] Security upgrade atom-package-manager from 2.0.0 to 2.6.1 #55 from electron/8-x-y
• 400df8e v8.0.0
• c3f66d6 chore: update for 8.0.0-beta.7 ([Snyk] Fix for 1 vulnerabilities #54)
• 209fa2e chore: set @ wg-releases as CODEOWNERS ([Snyk] Security upgrade npm from 5.10.0 to 7.0.0 #53)
• ed80a77 Merge pull request [Snyk] Security upgrade babel-core from 5.8.38 to 6.9.0 #50 from electron/7-0-x
• 5cba324 Update for v7.0.0
• 2ca0405 Merge pull request [Snyk] Security upgrade stylelint from 9.10.1 to 10.0.0 #48 from electron/dependabot/npm_and_yarn/eslint-utils-1.4.2
• 0051436 chore: Update to 7.0.0-beta.5
• 4b48320 Bump eslint-utils from 1.4.0 to 1.4.2
• 2f4cca7 Merge pull request [Snyk] Security upgrade atom-package-manager from 2.0.0 to 2.6.1 #47 from electron/update-standard-mocha
• e3feaf5 chore: update standard and mocha
• 148292a Merge pull request [Snyk] Security upgrade yargs from 3.32.0 to 16.0.0 #46 from electron/update-stable-6
• bfb0ce6 chore: add support for Electron v6.0.0
• 8dc45bf Bump js-yaml from 3.12.0 to 3.13.1 ([Snyk] Security upgrade babel-core from 5.8.38 to 6.9.0 #43)
• 2a79a74 Bump handlebars from 4.0.12 to 4.1.2 ([Snyk] Fix for 1 vulnerabilities #44)

See the full diff

Package name: electron-mksnapshot

The new version differs by 31 commits.

• 4c31a01 chore: update to v9.0.0 ([Snyk] Security upgrade yargs from 4.8.1 to 13.1.0 #28)
• fcba03d chore: update mksnapshot to work with arm*-x64 zips ([Snyk] Fix for 1 vulnerabilities #27)
• baeb2a2 Fix download on ARM ([Snyk] Security upgrade standard from 11.0.0 to 13.0.0 #26)
• dfc0cd1 Bump acorn from 7.1.0 to 7.1.1 ([Snyk] Security upgrade npm from 5.10.0 to 6.6.0 #25)
• 6d9510e 8.0.0 ([Snyk] Security upgrade npm from 5.10.0 to 6.6.0 #24)
• e77fd2c v7.0.0
• 3c4921f 6.0.0 ([Snyk] Fix for 1 vulnerabilities #21)
• cc99f15 Bump lodash from 4.17.11 to 4.17.14 ([Snyk] Fix for 1 vulnerabilities #20)
• 4d3798f Bump extend from 3.0.1 to 3.0.2 ([Snyk] Fix for 1 vulnerabilities #19)
• 546c646 build: update for 6.0.0-beta.2 ([Snyk] Fix for 1 vulnerable dependencies #18)
• 66c95ca build: update for 6.0.0-beta.1 ([Snyk] Fix for 1 vulnerable dependencies #17)
• 199a6a7 build: update for 5.x.x ([Snyk] Fix for 1 vulnerable dependencies #16)
• 21a3ed0 build: update for 4.2.x ([Snyk] Fix for 1 vulnerable dependencies #15)
• 6e589d5 build: update for 4.1.x ([Snyk] Fix for 1 vulnerable dependencies #14)
• 909e705 build: update mksnapshot for 4-0-x ([Snyk] Fix for 1 vulnerable dependencies #13)
• ad2f2c0 Merge pull request [Snyk] Fix for 5 vulnerable dependencies #10 from electron/3-0-x
• c5354e0 Try longer timeout
• 05ff022 try this
• 3d8d590 fix dir
• a96f2a9 Try to track down travis failure
• 83361c5 Update for vulnerabilities
• 457df73 Update travis to node 10
• 2b3a240 Update appveyor to use node 10
• ca1b18b Update mksnapshot for 3-0-x

See the full diff

Package name: electron-packager

The new version differs by 250 commits.

• 8d03dd7 14.0.0
• fe05b3e Merge pull request Insert cursor should always stay in view while typing atom/atom#1017 from electron-userland/v14-develop
• a77eb2d chore: add NEWS entries for v14
• f8a3cac Linux/ia32 warning moved from Packager to @ electron/get (Jump to first non-whitespace character atom/atom#1016)
• 67e3021 test: fix CLI test names, add --no-download.rejectUnauthorized test
• 5f09eb5 refactor: use object shorthand in targets exports
• cf7c725 feat: convert from electron-download to @ electron/get (Opening double curly quotes troll designers when using Inconsolata atom/atom#1002)
• cc470ef refactor: always test against post-1.0 versions of Electron (Install packages from atom.io atom/atom#1012)
• 51cce5b chore: install Wine via homebrew on macOS
• 6075368 chore: use yarn on Travis/macOS
• f56c84e chore: upgrade the ava ecosystem to ^2
• 2f6e385 chore: refactor codesign testing (Show path to file in tooltip on long hover of tab atom/atom#1010)
• 8356c07 chore: avoid running npm install for fixtures (Difficult closing Find in file panel when all files are closed atom/atom#1009)
• 99e28bb feat: ignore system junk files by default (Auto-Complete Concepts atom/atom#1005)
• 058f8d4 chore: upgrade electron-notarize to ^0.1.1
• 14625fb chore: upgrade rcedit to ^2.0.0 (Convert bash scripts to node.js atom/atom#1003)
• c3a499a Replace extract-zip with cross-zip (Undo/redo should keep active line in focus atom/atom#984)
• 481937a Wrap await example in a function because top-level await doesn't exist yet
• ae73870 chore: upgrade eslint-plugin-node to ^9.0.1
• 3be181a chore: split up NPM scripts
• 70b96d0 Upgrade asar to ^2.0.1
• 34a305a Update asar to ^2.0.0
• dd0f0de Drop mz for util.promisify (Wrap selection in tag atom/atom#983)
• b0b253b Update tempy requirement from ^0.2.1 to ^0.3.0 (Unicode in strings breaks ERB parsing atom/atom#980)

See the full diff

Package name: electron-winstaller

The new version differs by 15 commits.

• dad268d 3.0.0
• 694f929 feat: copy .exe.config file (New jasmine spec runner concatenates nested describe strings, which makes them hard to read atom/atom#229)
• da145bb feat: Squirrel 1.9.1 (Indent guide atom/atom#288)
• 50bb564 feat: Allowed signWithParams with certificateFile/Password (Make CI reliable atom/atom#190)
• b07643b feat: Add Squirrel's --framework-version Option (Allow panes to be resized atom/atom#274) (Searching for "test" in .com causes Atom to become unresponsive atom/atom#275)
• a113097 chore: upgrade eslint, temp, & debug
• 5403c71 chore: upgrade to Node 6 (Make pane system available for more than just editors atom/atom#293)
• 6210bab Upgrade asar to ^1.0.0
• 5954c8e 2.7.0
• b639c74 feat: Version bump vendored Squirrel.Windows to 1.9.0 (Click selections incorrect with Variable width font atom/atom#267)
• 5c28a08 Issue Since the setting is global to all editors, setFontFamily should be moved to RootView atom/atom#253: Add signature file to template (Simple styles for GFM atom/atom#257)
• 7ebee45 Merge pull request Editor stats atom/atom#202 from bursauxa/patch-1
• 736159e Update README.md
• 7ba135d Update fs-extra to 2.1.2 (Vim package atom/atom#234)
• 0fa685a Documented "skipUpdateIcon" option.

See the full diff

Package name: fs-admin

The new version differs by 4 commits.

• d9f578c 0.2.0
• 44fc30a upgrade devDependencies to latest versions ([Snyk] Fix for 3 vulnerable dependencies #4)
• 282d57c move mocha to a devDependency ([Snyk] Fix for 3 vulnerable dependencies #3)
• b391668 add typings for the public API ([Snyk] Fix for 17 vulnerable dependencies #2)

See the full diff

Package name: stylelint

The new version differs by 61 commits.

• c789336 Prepare 10.0.0
• 70c63e0 Update CHANGELOG.md
• 9b76cec Fix autofix for single-line comments within maps in value-keyword-case (Atom has excessive battery impact compared to other apps on Mac OS Yosemite atom/atom#4019)
• 49fa75f Update CHANGELOG.md
• 6308199 Update CHANGELOG.md
• 4ca75e7 Throw error on non-existent files unless allow-empty-input is enabled (📝 fix TextEditor::delete() doc atom/atom#3965)
• 5811b65 chore(package): update prettier to version 1.17.0 (Way to completely disable a certain key shortcut? atom/atom#4025)
• 7c8d769 Replace Node.js legacy API for URL parsing. Fixes 🐧 .desktop file without capital letter atom/atom#3803 (Possible to change the html's bg to be dynamically set on theme apply/change? atom/atom#4024)
• 77c70b5 Update dependencies (Chocolatey lags upgrade notice atom/atom#4013)
• a8f93d6 fix(package): update micromatch to version 4.0.0 (can't install atom on centos 6.5 Failed dependencies: libgnome-keyring atom/atom#4015)
• bfbf462 Update CHANGELOG.md
• 9efd6f4 Remove `styled` and `jsx` syntax options (/* */ comment on a single line inside braces keeps trying to un-indent atom/atom#4009)
• 6ab5e1f Update CHANGELOG.md
• 2b73704 Add ignore: ["comments"] to block-no-empty (Installation: libgnome-keyring dependency error on Red Hat 6.5 atom/atom#4008)
• b6f3057 Update CHANGELOG.md
• 81f4139 Drop Node.js 6 support (Upgrade to atom-shell@0.19.1 atom/atom#4006)
• b4dc965 Fix documentation typos and mistakes (Deprecate exports atom/atom#3922)
• d66354d Update CHANGELOG.md
• 4ec7170 Fix false negatives for `isStandardSyntaxDeclaration` (Add .dmg for OSX atom/atom#3933)
• a174409 fix(package): update string-width to version 4.0.0 (Lag with Plain Text atom/atom#3991)
• bdd3685 Update CHANGELOG.md
• e92d5e0 Fix false positives for negative numbers in function-calc-no-invalid (Ubuntu - welcome.md  atom/atom#3921)
• 59681a0 Update CHANGELOG.md
• 35c3f5a Apply rule in the order defined in `lib/rules/index.js` (Update the app icon on OS X to fit with the new Yosemite UI style atom/atom#3923)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)