fiddle
[UNSAFE] build: update yarn.lock to fix audit output
We ran uuaw --audit and it resulted in a clean yarn audit.
Attempting to fix advisory: GHSA-p6mc-m468-83gw - Prototype Pollution in lodash
Scanning dependency chain:
@octokit/rest --> lodash.set
[1/6] Trying from: lodash.set@^4.3.2
Resolving: lodash.set@^4.3.2 --> 4.3.2
[1/6] Chain results in vulnerable version: lodash.set@4.3.2
[2/6] Trying from: @octokit/rest@^16.43.1
Resolving: @octokit/rest@^16.43.1 --> 16.43.2
Resolving: lodash.set@^4.3.2 --> 4.3.2
[2/6] Chain results in vulnerable version: lodash.set@4.3.2
[3/6] [UNSAFE] Trying from: @octokit/rest@^17.0.0
Resolving: @octokit/rest@^17.0.0 --> 17.11.2
[3/6] [UNSAFE] Updating chain to latest starting at: @octokit/rest@^17.0.0 results in cutting the known chain
[3/6] [UNSAFE] Running yarn install now
Attempting to fix advisory: GHSA-f5x3-32g6-xq36 - Denial of service while parsing a tar file due to lack of folders count validation
Scanning dependency chain:
@electron-forge/cli --> @electron-forge/core --> @electron-forge/template-vite --> @electron-forge/template-base --> @electron-forge/shared-types --> @electron/rebuild --> node-gyp --> make-fetch-happen --> cacache --> tar
[1/10] Trying from: tar@^6.1.11
Resolving: tar@^6.1.11 --> 6.2.1
[1/10] Updating chain to latest starting at: tar@^6.1.11 results in a patched version: tar@6.2.1
[1/10] Running yarn install now
Attempting to fix advisory: GHSA-f5x3-32g6-xq36 - Denial of service while parsing a tar file due to lack of folders count validation
Scanning dependency chain:
@electron-forge/cli --> @electron-forge/core --> @electron-forge/template-vite --> @electron-forge/template-base --> @electron-forge/shared-types --> @electron/rebuild --> node-gyp --> tar
[1/8] Trying from: tar@^6.1.2
Resolving: tar@^6.1.2 --> 6.2.1
[1/8] Updating chain to latest starting at: tar@^6.1.2 results in a patched version: tar@6.2.1
[1/8] Running yarn install now
Attempting to fix advisory: GHSA-f5x3-32g6-xq36 - Denial of service while parsing a tar file due to lack of folders count validation
Scanning dependency chain:
@electron-forge/cli --> @electron-forge/core --> @electron-forge/template-vite --> @electron-forge/template-base --> @electron-forge/shared-types --> @electron/rebuild --> tar
[1/7] Trying from: tar@^6.0.5
Resolving: tar@^6.0.5 --> 6.2.1
[1/7] Updating chain to latest starting at: tar@^6.0.5 results in a patched version: tar@6.2.1
[1/7] Running yarn install now
Audit is clean, looking good cap'n