[Snyk] Fix for 1 vulnerabilities #47

Open. Wants to merge 1 commit into base: master

Conversation

lholmquist (Contributor)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity: high
Priority Score (*): 768/1000
  Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Issue: Prototype Pollution, SNYK-JS-LODASH-6139239
Breaking Change: Yes
Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: electron-packager The new version differs by 250 commits.
  • 51a103d v17.1.2 (#1550)
  • 4d70cd0 fix(osx-sign): bump osx-sign to 1.0.5 (#1549)
  • 833854f ci: fix publish documentation workflow (#1547)
  • 30901bf chore: bump actions/setup-node from 3.7.0 to 3.8.0 (#1545)
  • 7b595cc ci: use electronjs/node orb (#1546)
  • be83558 chore: bump rcedit from 3.0.1 to 3.0.2 (#1541)
  • 7e87e5e test: set `cacheRoot` to checksum download (#1540)
  • 6430d3f ci: make canary run `--arch=universal` on macOS (#1539)
  • 741f3c3 fix: prune `electron-nightly` even if in dependencies (#1538)
  • 5ee6d73 ci: use action-semantic-pull-request (#1535)
  • daca65c chore: bump word-wrap from 1.2.3 to 1.2.4 (#1536)
  • 12b6225 docs: clarify CLI usage (#1534)
  • 9a030b7 chore: bump actions/checkout from 3.5.2 to 3.5.3 (#1514)
  • e4635f8 chore: bump actions/setup-node from 3.6.0 to 3.7.0 (#1529)
  • 6cdd96b docs: add `osx-universal` flag to usage.txt (#1533)
  • 72bc2a5 chore: bump plist from 3.0.6 to 3.1.0 (#1530)
  • af334e3 chore: bump @electron/universal from 1.3.4 to 1.4.1 (#1525)
  • 036b954 chore: bump @electron/notarize from 1.2.3 to 1.2.4 (#1518)
  • 0c5957b build: update electron/electron-quick-start branch to main (#1505)
  • 50c7a49 chore: bump sinon from 15.0.3 to 15.0.4 (#1504)
  • 9331fdd chore: bump @electron/asar from 3.2.3 to 3.2.4 (#1494)
  • 0d60945 chore: bump fs-extra from 11.1.0 to 11.1.1 (#1488)
  • e49124a chore: bump actions/checkout from 3.3.0 to 3.5.2 (#1498)
  • 7e20bd5 build: use CircleCI cimg/node images (#1506)

See the full diff

Package name: electron-rebuild The new version differs by 250 commits.
  • 6f94aaa Merge pull request #1022 from VerteDinde/add-std17-flag-for-e20
  • 3f5ff99 fix: ensure force-process-config is not passed to prerelease v20+ (#1023)
  • 979361d fix: add std=c++17 flag for e20+
  • 20107a8 Merge pull request #1015 from electron/dependabot/npm_and_yarn/typescript-4.6.4
  • 3108e3d chore(deps-dev): bump typescript from 4.6.2 to 4.6.4
  • 00e6ed3 Merge pull request #1014 from electron/dependabot/npm_and_yarn/types/node-17.0.34
  • f9d77d2 chore(deps-dev): bump @types/node from 17.0.33 to 17.0.34
  • f3342e2 Merge pull request #1003 from electron/dependabot/npm_and_yarn/yargs-17.4.1
  • 41fa566 Merge pull request #1013 from electron/dependabot/npm_and_yarn/types/node-17.0.33
  • 9b3be7c chore(deps-dev): bump @types/node from 17.0.21 to 17.0.33
  • 641db3d chore(deps): bump yargs from 17.3.1 to 17.4.1
  • e677ce6 Merge pull request #993 from electron/dependabot/npm_and_yarn/ts-node-10.7.0
  • 3cb7db1 Merge pull request #995 from electron/dependabot/npm_and_yarn/mocha-9.2.2
  • 2facce0 chore(deps-dev): bump mocha from 9.2.0 to 9.2.2
  • 0e59898 chore(deps-dev): bump ts-node from 10.6.0 to 10.7.0
  • 4d54c15 Merge pull request #990 from electron/dependabot/npm_and_yarn/types/yargs-17.0.9
  • 1b45c84 Merge pull request #991 from electron/dependabot/npm_and_yarn/ts-node-10.6.0
  • 708a1c4 Merge pull request #992 from electron/dependabot/npm_and_yarn/node-gyp-9.0.0
  • 6d61b02 chore(deps): bump node-gyp from 8.4.1 to 9.0.0
  • 7c01ce3 chore(deps-dev): bump ts-node from 10.5.0 to 10.6.0
  • 8adb090 chore(deps-dev): bump @types/yargs from 17.0.8 to 17.0.9
  • f798bc5 Merge pull request #986 from electron/dependabot/npm_and_yarn/fs-extra-10.0.1
  • 2df36e0 Merge pull request #987 from electron/dependabot/npm_and_yarn/types/node-17.0.21
  • f4edeb5 Merge pull request #988 from electron/dependabot/npm_and_yarn/typescript-4.6.2

See the full diff

Package name: ember-ajax The new version differs by 250 commits.
  • 9f7a058 chore(release): 5.1.2
  • b24279f Merge pull request #463 from boris-petrov/use-object-assign
  • 5175d40 fix: resolve `ember-polyfills.deprecate-assign` deprecation warnings
  • 5520bdf v5.1.1
  • b818a9f v5.1.0
  • 1b7a0f3 chore: update ignore files
  • 77fbbb9 Merge pull request #459 from Turbo87/gh-actions
  • 5fb626d chore: remove TravisCI config
  • 903b5eb chore: add GitHub Actions config
  • 597afc3 chore: change `ember-data` dependency to `~3.1.1`
  • a499159 Merge pull request #454 from abrahamspaa/vulnerable-fix
  • d44a567 Merge pull request #452 from boris-petrov/fix-ember-deprecation
  • b1e1952 bump version najax
  • 4dcd0f4 vulnerable fix
  • a61cba6 Fix deprecated usage of `run.join`
  • c178c5e Merge pull request #440 from jamescdavis/fix_ajax-request_mixin_public_property_types
  • 2e2b0c5 fix: types on public properties in ajax-request mixin
  • 838de17 Merge pull request #438 from boris-petrov/add-new-lts-releases-to-ci
  • 78c3587 test: add Ember 3.4 and 3.8 to Travis
  • 9de754a chore(release): 5.0.0
  • bcebe35 Merge pull request #435 from Turbo87/ember-3.8
  • a52533b Merge pull request #436 from Turbo87/ie11
  • 57dc203 fix: always run tests in IE11 mode
  • 2617549 chore: update `ember-source` to v3.8.0

See the full diff

Package name: ember-cli-babel The new version differs by 82 commits.
  • 12945fb 6.0.0
  • 74c2b18 6.0.0-beta.11
  • 31475a5 Merge pull request #132 from pgrippi/remove-console-log
  • 35653f1 Remove debugging console.log statement from `_getBabelOptions`
  • ffff43b release v6.0.0-beta.10 🎉
  • 3b43841 Merge pull request #131 from babel/expose-addon-powerz
  • 15644f8 lock file
  • 117a409 expose addon.buildBabelOptions and addon.transpileTree(tree, options) so that add ons can have additional powerz
  • 4ab3d4a Merge pull request #128 from babel/rwjblue-patch-1
  • 96e03e8 First pass at README updates for 6.
  • 67deb55 6.0.0-beta.9
  • 513e9d1 Merge pull request #126 from rwjblue/expose-helper-for-transpiling
  • 2cdf16f Add tests for `transpileTree`.
  • 0e6b5ef Expose a public mechanism to transpile a tree.
  • 7c6dc0a 6.0.0-beta.8
  • 5c9f30c Merge pull request #125 from rwjblue/simplify-options-processing
  • 844a833 Add tests confirming babel6 options other than plugins is honored.
  • 3382c11 Fix clobbering behavior with babel vs babel6 config.
  • d2feba4 6.0.0-beta.7
  • 98bba84 Merge pull request #124 from rwjblue/add-tests-to-confirm-preset-env-working
  • dbf95d9 Add basic sanity test to confirm babel-preset-env is working.
  • a6d01ff Merge pull request #123 from rwjblue/avoid-passing-options-to-babel
  • 0b470fc Only pass provided options to babel-preset-env.
  • 60d12de Merge pull request #122 from kanongil/use-targets-fix

See the full diff

Package name: ember-cli-htmlbars-inline-precompile The new version differs by 250 commits.
  • 398686f Release 3.0.2
  • 795cb9a Merge pull request #408 from ember-cli/cache-lazily
  • a8c3398 Make cacheKey calculation lazy
  • 4a5c196 Drop documentation from README.
  • 21645c7 [Security] Bump node-fetch from 2.6.0 to 2.6.1
  • 7d1260c [Security] Bump http-proxy from 1.18.0 to 1.18.1
  • 6ed45ef [Security] Bump dot-prop from 4.2.0 to 4.2.1
  • 82d21b6 Bump @ember/optional-features from 0.7.0 to 1.3.0
  • 3570d96 Bump eslint-plugin-node from 9.2.0 to 11.1.0
  • 95fc3d5 [Security] Bump websocket-extensions from 0.1.3 to 0.1.4
  • 12ba58c [Security] Bump handlebars from 4.4.0 to 4.7.6
  • e6862be [Security] Bump jquery from 3.4.1 to 3.5.0
  • 30e19c0 [Security] Bump acorn from 7.1.0 to 7.1.1
  • b5aa14c Bump ember-cli-babel from 7.12.0 to 7.14.1
  • 1bd9e9d Bump qunit-dom from 0.9.1 to 0.9.2
  • 8d15287 Bump lerna-changelog from 0.8.2 to 0.8.3
  • 9e86687 Bump eslint-plugin-ember from 7.4.0 to 7.5.0
  • 6d83ba0 Bump ember-try from 1.2.1 to 1.3.0
  • 7cc5b5d Bump eslint-plugin-ember from 7.2.0 to 7.4.0
  • 32f58a8 Bump qunit-dom from 0.9.0 to 0.9.1
  • e2608bf Bump ember-source-channel-url from 1.1.0 to 2.0.1
  • be42171 Bump eslint from 6.5.1 to 6.6.0
  • d147af2 Bump ember-cli-htmlbars from 3.1.0 to 4.0.8 (#332)
  • 2ce08fa Bump eslint-plugin-ember from 6.10.1 to 7.2.0 (#333)

See the full diff

Package name: ember-cli-qunit The new version differs by 155 commits.
  • 4ad1af2 release v4.4.0 🎉
  • f4bd36b Merge pull request #212 from ember-cli/upgrade
  • f32d88a bump ember-qunit
  • 63ac2f2 Merge pull request #210 from samselikoff/upgrade-ember-qunit
  • 300b36c Upgrade ember-qunit
  • d3dc0f4 v4.3.2
  • f4897da Add v4.3.2 to CHANGELOG.md.
  • c3a2396 Update ember-qunit to v3.3.2.
  • ac4ea28 v4.3.1
  • 57b348a Add v4.3.1 to CHANGELOG.md.
  • d92bb44 Merge pull request #204 from rwjblue/update-dependencies
  • bc11e3a Fix issue with Chrome + Travis & setuid...
  • f854e86 Update ember-qunit to latest version.
  • 45dd8ec Update ember-cli-babel to latest version.
  • 7f5ab89 Merge pull request #200 from kategengler/update-release-md
  • 29e8b50 Remove bit about creating github releases, that hasn't been done for a
  • 221a2d1 Update RELEASE.md for lerna-changelog & travis deploy
  • 8bc7d15 v4.3.0
  • 4f7d32e Add v4.3.0 to CHANGELOG.md.
  • 371b9fa Update minimum version of ember-qunit to 3.3.0.
  • f9da916 Update packages to latest allowed versions.
  • 4d418f4 Update yarn.lock to match package.json.
  • 497420c v4.2.1
  • 9a48900 Add v4.2.1 to CHANGELOG.md.

See the full diff

Package name: ember-electron The new version differs by 250 commits.
  • 8859aad fix: Disable fingerprinting on images (#413)
  • 3ca4eef chore: Update various deps (#411)
  • d2eeda8 chore: Make ESLint config more standard (#410)
  • 63b107c docs: Update docs link (#409)
  • 5cb5b8e Merge pull request #408 from adopted-ember-addons/ember-3.14
  • 2f92647 Ember 3.14 and tweaks
  • a36ab04 Merge pull request #407 from rwwagner90/bump-deps
  • 3298d06 Bump some deps, fix prod build
  • 49ba078 Merge pull request #405 from rwwagner90/addon-docs
  • dc9739e Fix index styles
  • c6aa229 Change links to docs, start porting index page
  • 989fe4c Merge pull request #403 from adopted-ember-addons/dependabot/npm_and_yarn/eslint-4.18.2
  • ea334ad Bump eslint from 3.19.0 to 4.18.2
  • 1de0b6f Merge pull request #404 from rwwagner90/addon-docs
  • 1caf0c2 Use ember-cli-addon-docs for docs
  • cdf9636 fix: enable node integration in tests (#401)
  • 53bcf0d chore: Misc updates (#402)
  • 54a2b13 chore(deps): run ember-cli-update to 3.12.x (#400)
  • e8d55fc Merge pull request #396 from adopted-ember-addons/ember-cli-update-3-10-x
  • 4727c07 chore(deps): run ember-cli-update to 3.10.x
  • 7299a4b doc: update project links: felixrieseberg -> adopted-ember-addons (fixes #393)
  • 34d20f7 Merge pull request #390 from jacobq/support-electron-v5
  • 88ec14f fix: prevent error when nodeIntegration is disabled
  • b8a7d3f fix: support Electron 5 (ref #385)

See the full diff

Package name: ember-export-application-global The new version differs by 5 commits.

See the full diff

Package name: ember-inspector The new version differs by 250 commits.
  • 2bc5b38 Merge branch 'master' into stable
  • feb66b5 Merge pull request #766 from teddyzeenny/add-travis-branches
  • 624e8cb Add branches to build in Travis CI
  • 7bffe6f Merge pull request #767 from emberjs/fix-assertion
  • dfbe0dc Fix text field assertion
  • 2a0a70d Merge branch 'master' into stable
  • 1aa8f03 Merge pull request #765 from teddyzeenny/reset-app
  • 86689da Merge pull request #638 from pablobm/session-storage-check
  • 3fd6809 Avoid error in some environments
  • 7a8d427 Cleanup
  • a3f80a9 Fix inspector reset on client app reset and destroy
  • a92447d Merge pull request #764 from teddyzeenny/version-3.0
  • 3b43deb Bump version to 3.0.0
  • d865fec Ember 3.0, dep updates, testing updates, and codemods (#762)
  • bd35cc5 Merge pull request #761 from emberjs/remove-new-computed
  • d32c4c3 Merge pull request #760 from emberjs/remove-get-template
  • d24f88f Remove computedPolyfill
  • 041dde1 Remove getTemplate stuff
  • 7222143 Merge pull request #757 from omarhamdan/add-documentation
  • 43991ea Fix file paths displayed in the routes tab
  • 84645dd Merge pull request #755 from omarhamdan/add-documentation
  • b12d13c Add Documentation
  • 91275c4 Merge pull request #751 from rwwagner90/ember-qunit-coemod
  • 7d23e3e Merge pull request #753 from XuluWarrior/allow-empty-mixins

See the full diff

Package name: ember-resolver The new version differs by 27 commits.
  • ff70a9f 4.0.0
  • 1681fe6 Update CHANGELOG for v4.0.0.
  • 9966909 Merge pull request #179 from rwjblue/babel-6
  • 0bc5fd5 Update to Babel 6.
  • 81c3d0b 3.0.1
  • 16d5f08 Update CHANGELOG for 3.0.1.
  • 10e0c88 Merge pull request #178 from ember-cli/bugfix
  • fa83970 Bring in line with addon/ layout changes.
  • f80f6de [Fixes #175] restore ability to resolve from modules
  • 1fbc09e Merge pull request #177 from 201-created/keys
  • c08ccbb No longer need Ember.keys
  • 7b423a2 Merge pull request #176 from 201-created/restructure
  • 1f656e8 Restructure on disk
  • 7362f60 release v3.0.0
  • 3d6ae61 Merge pull request #174 from ember-cli/cleanup
  • 58bacd8 more cleanup
  • 2bc9593 Merge pull request #173 from ember-cli/cleanup
  • 6b0727f cleanup
  • 15cc4c3 Merge pull request #172 from ember-cli/cleanup
  • 4861481 cleanup deps
  • 074179a Merge pull request #164 from ember-cli/greenkeeper-ember-cli-2.9.1
  • bb65019 Merge branch 'master' into greenkeeper-ember-cli-2.9.1
  • 946aa6c Merge pull request #165 from ember-cli/greenkeeper-ember-cli-app-version-2.0.1
  • 8f6c55b Merge pull request #169 from daniellawrence/bug/readme-link-update-example

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
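The finding this PR addresses is a prototype-pollution issue in lodash. lodash itself is not among the packages bumped above, so the fix depends on the new versions of those packages resolving a patched lodash. The block below is an added illustration of the prototype-pollution bug class in general; it is not lodash's code, not Snyk's, and not this repository's. `unsafeMerge`, `safeMerge`, `isPrototypePolluted` and the JSON payload are hypothetical and constructed for this example. It shows how a recursive merge that copies a `__proto__` key from attacker-controlled JSON writes onto `Object.prototype`, how a deny-list on the three prototype-reaching keys plus own-property recursion stops it, and how to probe a process for pollution that has already happened.

```javascript
// Added illustration of the prototype-pollution bug class behind this PR's
// dependency bump. Hypothetical merge functions; not lodash's implementation.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Vulnerable: recurses into target[key] for every key in source. A source key
// "__proto__" makes target[key] resolve (via the inherited accessor) to
// Object.prototype, so the recursion writes attacker properties onto it.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the keys that reach the prototype chain, and only recurse
// into an object that target owns itself, never an inherited one.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing to merge forbidden key "${key}"`);
    }
    const value = source[key];
    if (isPlainObject(value)) {
      const owned = Object.prototype.hasOwnProperty.call(target, key);
      if (!owned || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Detection: after pollution, Object.prototype carries an own property that
// no code ever declared. Probe for a key you know your code never sets.
function isPrototypePolluted(probeKey) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, probeKey);
}

// Runs a constructed attacker payload through both merges and reports what
// each did to Object.prototype, cleaning up so later code is unaffected.
function demonstrate() {
  const payloadJson = '{"__proto__": {"isAdmin": true}}'; // constructed attacker input
  const result = {};
  try {
    unsafeMerge({}, JSON.parse(payloadJson));
    result.unsafePolluted = isPrototypePolluted('isAdmin');
    // Every object in the process now "has" isAdmin, including ones
    // created later by unrelated code such as an authorization check.
    result.unrelatedObjectIsAdmin = ({}).isAdmin === true;
  } finally {
    delete Object.prototype.isAdmin;
  }
  try {
    safeMerge({}, JSON.parse(payloadJson));
    result.safeThrew = false;
  } catch (e) {
    result.safeThrew = true;
  }
  result.safePolluted = isPrototypePolluted('isAdmin');
  // The hardened merge still does ordinary deep merges correctly.
  result.benignMerge = JSON.stringify(safeMerge({ a: { b: 1 } }, { a: { c: 2 }, d: 3 }));
  return result;
}
```

`JSON.parse` creates `__proto__` as an own data property of the parsed object, so `Object.keys` returns it and the unsafe merge reaches `Object.prototype` through the inherited accessor on the target. Whether a merge should throw or silently skip a forbidden key is a policy choice; throwing makes attempted abuse visible in logs.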
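Because this PR changes only package.json, whether a patched lodash actually lands depends on how the lockfile resolves after the upgrade; a dependency that pins its own nested copy can keep an old lodash under `node_modules/<dep>/node_modules/lodash`. The script below is an added example (not Snyk's tooling and not this project's code) that walks an npm lockfile's `packages` map (lockfileVersion 2 or 3), lists every installed copy of a package with the dependency that nests it, and flags copies below a minimum version you pass in. The embedded lockfile fragment, the package name `some-addon` and every version in it are constructed for illustration, and the minimum version is a parameter: this example makes no claim about which lodash release fixes SNYK-JS-LODASH-6139239; take that from the advisory.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3 "packages" map)
// for every installed copy of a package below a minimum version.
// Not Snyk's logic and not this repository's code.

// Constructed lockfile fragment. "some-addon" is a hypothetical package that
// resolves its own nested copy of lodash; all versions are illustrative.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { 'some-addon': '^1.0.0', lodash: '^4.17.0' } },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/some-addon': { version: '1.0.0', dependencies: { lodash: '~4.17.10' } },
    'node_modules/some-addon/node_modules/lodash': { version: '4.17.15' },
    'node_modules/lodash-es': { version: '4.17.21' }, // different package; must not match "lodash"
  },
};

// Parse the numeric core "MAJOR.MINOR.PATCH" (leading "v" and any
// pre-release/build suffix are ignored).
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  return m.slice(1, 4).map(Number);
}

// -1, 0 or 1 comparing the numeric cores of two versions.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Every install location of pkgName. The path encodes who carries the copy:
// "node_modules/lodash" is the hoisted root copy; "node_modules/a/node_modules/lodash"
// is the copy resolved for "a".
function findInstalls(lock, pkgName) {
  const suffix = 'node_modules/' + pkgName;
  const installs = [];
  for (const [location, meta] of Object.entries(lock.packages || {})) {
    if (location === '' || !location.endsWith(suffix)) continue;
    const cut = location.length - suffix.length;
    // Require a path boundary before "node_modules/" so "x-node_modules/lodash"
    // style names cannot match; only "" or ".../" may precede it.
    if (cut !== 0 && location[cut - 1] !== '/') continue;
    const parentPath = location.slice(0, cut); // "" or "node_modules/a/"
    const parent = parentPath === ''
      ? '(root)'
      : parentPath.replace(/^node_modules\//, '').replace(/\/$/, '');
    installs.push({ location, version: meta.version, parent });
  }
  return installs;
}

// Installed copies whose version is below minFixed.
function vulnerableInstalls(lock, pkgName, minFixed) {
  return findInstalls(lock, pkgName).filter((i) => compareSemver(i.version, minFixed) < 0);
}

// Usage: node check-lock.js <package-lock.json> <package> <min-fixed-version>
// Without arguments it reports on the constructed sample above.
if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('node:fs');
  const [lockPath, pkgArg, minArg] = process.argv.slice(2);
  const lock = lockPath && fs.existsSync(lockPath)
    ? JSON.parse(fs.readFileSync(lockPath, 'utf8'))
    : SAMPLE_LOCK;
  const pkgName = pkgArg || 'lodash';
  const minFixed = minArg || '4.17.21'; // illustrative default; use the advisory's fixed version
  for (const i of findInstalls(lock, pkgName)) {
    const status = compareSemver(i.version, minFixed) < 0 ? 'BELOW MINIMUM' : 'ok';
    console.log(`${i.location}  ${i.version}  via ${i.parent}  ${status}`);
  }
}
```

Run it against the lockfile produced by `npm install` after applying this PR; a copy reported `via <dependency>` that is still below the fixed version means that dependency's own range, not the root `package.json`, decides which lodash it gets, and the fix has to come from that package.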