[PR #848] [MERGED] Update node modules packages #1320

Closed
opened 2026-01-29 16:59:37 +00:00 by claunia · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/ElectronNET/Electron.NET/pull/848
Author: @gorsheninmv
Created: 5/1/2024
Status: Merged
Merged: 5/1/2024
Merged by: @FlorianRappl

Base: develop ← Head: update-npm-packages


📝 Commits (1)

  • f55dbc1 chore: update node modules packages

📊 Changes

1 file changed (+42 additions, -42 deletions)

View changed files

📝 src/ElectronNET.Host/package-lock.json (+42 -42)

📄 Description

Update node modules packages with the `npm audit fix` command

See the log below with vulnerabilities:

```
# npm audit report

electron  23.0.0-alpha.1 - 23.3.13
Severity: moderate
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd - https://github.com/advisories/GHSA-7x97-j373-85x5
Electron context isolation bypass via nested unserializable return value - https://github.com/advisories/GHSA-p7v2-p9m8-qqg7
ASAR Integrity bypass via filetype confusion in electron - https://github.com/advisories/GHSA-7m48-wc93-9g85
fix available via `npm audit fix`
node_modules/electron

engine.io  5.1.0 - 6.4.1
Severity: moderate
engine.io Uncaught Exception vulnerability - https://github.com/advisories/GHSA-q9mw-68c2-j6m5
fix available via `npm audit fix`
node_modules/engine.io

semver  <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/electron-updater/node_modules/semver
node_modules/global-agent/node_modules/semver
node_modules/semver
node_modules/tslint/node_modules/semver

socket.io-parser  4.0.4 - 4.2.2
Severity: high
Insufficient validation when decoding a Socket.IO packet - https://github.com/advisories/GHSA-cqmj-92xf-r6r9
fix available via `npm audit fix`
node_modules/socket.io-parser

4 vulnerabilities (3 moderate, 1 high)

To address all issues, run:
  npm audit fix
```

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

claunia added the pull-request label 2026-01-29 16:59:37 +00:00
Reference: starred/Electron.NET#1320