Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-tools / 54904b05764f337d7716691bd2240f328c010ec6^! / .
commit54904b05764f337d7716691bd2240f328c010ec6[log] [tgz]
authorSui Chen <suichen@google.com>Fri Nov 05 15:03:19 2021 -0700
committerSui Chen <suichen@google.com>Mon Nov 08 14:48:50 2021 -0800
tree5931dd3ba09741c5dfd12aaa1963f3e28c80d3be
parent27cf933227bdd9cb91eade05b65bc5e1de00bb20 [diff]
dbus-vis: bump electron.js from 8.2.4 to 11.5.0

Dependabot reports a vulnerability with the old version (8.2.4) of
electron.js:

GHSA-mpjm-v997-c4h4
moderate severity
Vulnerable versions: < 11.5.0
Patched version: 11.5.0
Impact: This vulnerability allows a sandboxed renderer to request a
"thumbnail" image of an arbitrary file on the user's system. The
thumbnail can potentially include significant parts of the original
file, including textual data in many cases.

Updating electron to 11.5.0 fixes this issue.

Signed-off-by: Sui Chen <suichen@google.com>
Change-Id: I86e5797d689e2b4b3e5643e587dc7ed7e482c659

diff --git a/dbus-vis/package.json b/dbus-vis/package.json
index 751c2fb..fab7bbc 100644
--- a/dbus-vis/package.json
+++ b/dbus-vis/package.json

@@ -15,7 +15,7 @@
     "IPMI"
   ],
   "devDependencies": {
-    "electron": "^8.2.4"
+    "electron": "^11.5.0"
   },
   "dependencies": {
     "electron-dialog": "^2.0.0",