[Snyk] Upgrade @electron-forge/maker-zip from 7.3.0 to 7.4.0 #15
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade @electron-forge/maker-zip from 7.3.0 to 7.4.0. See this package in npm: @electron-forge/maker-zip See this project in Snyk: https://app.snyk.io/org/randomusert/project/d295c44b-9162-44c4-b996-7583c3ada0ab?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade @electron-forge/maker-zip from 7.3.0 to 7.4.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 2 versions ahead of your current version.
The recommended version was released a month ago, on 2024-04-11.
Release notes
Package name: @electron-forge/maker-zip
-
7.4.0 - 2024-04-11
- fix: bump packager minimum dep by @ MarshallOfSound in #3551
- fix(cli): add
- build(deps): bump dsanders11/github-app-commit-action from 1.3.0 to 1.4.0 by @ dependabot in #3555
- build(deps): bump dsanders11/project-actions from 1.2.0 to 1.3.0 by @ dependabot in #3557
- build(deps): bump webpack-dev-middleware from 5.3.3 to 5.3.4 by @ dependabot in #3545
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @ dependabot in #3556
- chore: update listr2 version by @ yangannyx in #3542
- docs: Typo in Interface MakerDMGConfig by @ zsewa in #3550
- @ zsewa made their first contribution in #3550
- @ Santhoshmani1 made their first contribution in #3535
-
7.3.1 - 2024-03-20
- build: Bump @ electron/windows-sign deps by @ felixrieseberg in #3524
-
-
-
-
-
-
-
-
-
- @ alicelovescake made their first contribution in #3528
-
7.3.0 - 2024-02-21
- feat(plugin-vite): upgrade to vite@5 by @ caoxiemeihao in #3468
- feat: allow a custom out dir from forge config by @ lutzroeder in #3458
- feat(template-vite): patch types by @ caoxiemeihao in #3494
- feat: adds default fuses to templates by @ yangannyx in #3480
- feat(publisher-github): option to automatically generate release notes by @ dsanders11 in #3484
- fix(electron-release-publisher): change api/version endpoint in PublisherERS to use versions/sorted by @ kgallagher52 in #3431
- fix(core): packageJSON won't be found when programmatic usage instead of CLI by @ ianho in #3455
- fix: actually depend on preceeding groups by @ MarshallOfSound in #3438
- fix: normalize windows version with build part correctly by @ rickymohk in #3461
- fix: .vscode settings.json changes on open by @ lutzroeder in #3460
- fix(plugin-vite): package volume size to large by @ caoxiemeihao in #3336
- refactor: only run webpack once for multi-arch packages by @ MarshallOfSound in #3437
- chore: update Packager by @ erikian in #3419
- chore: bump electronjs/node to 2.2.0 (main) by @ electron-roller in #3469
- chore(plugins/electronegativity): correct some config types by @ Dogdriip in #3482
- chore: use Dependabot to update GitHub Actions deps by @ dsanders11 in #3487
- chore: bump electronjs/node to 2.2.1 (main) by @ electron-roller in #3496
- @ kgallagher52 made their first contribution in #3431
- @ rickymohk made their first contribution in #3461
- @ lutzroeder made their first contribution in #3460
- @ ianho made their first contribution in #3455
- @ yangannyx made their first contribution in #3480
- @ Dogdriip made their first contribution in #3482
from @electron-forge/maker-zip GitHub release notesWhat's Changed
Highlighted Feature:
This version of Forge enables the new Windows ASAR integrity feature in Electron. When ASAR integrity is enabled, your Electron app will verify the header hash of the ASAR archive on runtime. If no hash is present or if there is a mismatch in the hashes, the app will forcefully terminate.
More information about this feature can be found in Electron's documentation here: https://github.com/electron/electron/blob/main/docs/tutorial/asar-integrity.md#using-electron-tooling
Bug Fixes and Improvements
plugin-fusesto import script by @ Santhoshmani1 in #3535New Contributors
Full Changelog: v7.3.1...v7.4.0
What's Changed
Highlighted Feature:
This change enables advanced code signing with [@ electron/windows-sign][@ electron/windows-sign], supporting two different ways to codesign your application and the installer:
Modern: By passing a
windowsSignoption, which will be passed to [@ electron/windows-sign]. This method allows full customization of the code-signing process - and supports more complicated scenarios like cloud-hosted EV certificates, custom sign pipelines, and per-file overrides. It also supports all existing "simple" codesigning scenarios, including just passing a certificate file and password. Please see https://github.com/@ electron/windows-sign for all possible configuration options.When passing
windowsSign, do not pass any other available parameters at the top level (likecertificateFile,certificatePassword, orsignWithParams).Legacy: By passing the top-level settings (
certificateFile,certificatePassword, andsignWithParams). For simple codesigning scenarios, there's no reason not to use this method - it'll work just as fine as the modern method.Bug Fixes and Improvements
fix(publisher-github): don't sanitize asset names before upload by @ dsanders11 in #3485
build: bump memory limit for docs:generate script by @ dsanders11 in #3500
build: fix keyv type resolution warning during dev by @ MarshallOfSound in #3507
build(deps): bump actions/setup-node from 4.0.1 to 4.0.2 by @ dependabot in #3522
build(deps): bump follow-redirects from 1.15.4 to 1.15.6 by @ dependabot in #3537
ci(windows): pin version of wix toolset to v3.14.0 by @ erickzhao in #3525
docs: update forge create-electron-app template to match tutorial by @ alicelovescake in #3528
New Contributors
Full Changelog: v7.3.0...v7.3.1
What's Changed
Features
Fixes
Performance
Other Changes
New Contributors
Full Changelog: v7.2.0...v7.3.0
Commit messages
Package name: @electron-forge/maker-zip
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.