dbus-vis: bump electron.js from 8.2.4 to 11.5.0
Dependabot reports a vulnerability with the old version (8.2.4) of
electron.js:
GHSA-mpjm-v997-c4h4
moderate severity
Vulnerable versions: < 11.5.0
Patched version: 11.5.0
Impact: This vulnerability allows a sandboxed renderer to request a
"thumbnail" image of an arbitrary file on the user's system. The
thumbnail can potentially include significant parts of the original
file, including textual data in many cases.
Updating electron to 11.5.0 fixes this issue.
Signed-off-by: Sui Chen <suichen@google.com>
Change-Id: I86e5797d689e2b4b3e5643e587dc7ed7e482c659
diff --git a/dbus-vis/package.json b/dbus-vis/package.json
index 751c2fb..fab7bbc 100644
--- a/dbus-vis/package.json
+++ b/dbus-vis/package.json
@@ -15,7 +15,7 @@
"IPMI"
],
"devDependencies": {
- "electron": "^8.2.4"
+ "electron": "^11.5.0"
},
"dependencies": {
"electron-dialog": "^2.0.0",
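Review bot: The change on the "electron" line in devDependencies crosses three major versions (8 to 11), but the commit message covers only the advisory and does not say whether dbus-vis was run against 11.x. Please state in the commit message what was tested, including that "electron-dialog": "^2.0.0" from the context lines still works with the new major. Only package.json appears in this diff; if a package-lock.json is committed for dbus-vis, regenerate it in the same change so the locked version matches the new "^11.5.0" range.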