[Snyk] Security upgrade tape-run from 6.0.1 to 9.0.0

[leonardoadame]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • tools/node_modules/eslint/node_modules/parse-entities/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	804/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1021884	Yes	Mature
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1041745	Yes	Mature
	794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Improper Validation SNYK-JS-ELECTRON-1047306	Yes	Mature
	751/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Insufficient Validation SNYK-JS-ELECTRON-1050882	Yes	Mature
	704/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-ELECTRON-1050999	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-ELECTRON-1070013	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1085705	Yes	Mature
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Out-of-bounds Write SNYK-JS-ELECTRON-1088600	Yes	Mature
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1252279	Yes	Mature
	876/1000 Why? Mature exploit, Has a fix available, CVSS 9.8	Out-of-bounds SNYK-JS-ELECTRON-1257943	Yes	Mature
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1296559	Yes	Proof of Concept
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-ELECTRON-1312314	Yes	Mature
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1313765	Yes	Mature
	704/1000 Why? Has a fix available, CVSS 9.8	Out-of-bounds Write SNYK-JS-ELECTRON-1315668	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1534883	Yes	Mature
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1536581	Yes	Proof of Concept
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1656743	Yes	Mature
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1910985	Yes	Mature
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Type Confusion SNYK-JS-ELECTRON-1911949	Yes	Proof of Concept
	754/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-ELECTRON-1912085	Yes	Mature
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-570833	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: tape-run

The new version differs by 8 commits.

• ee4654e 9.0.0
• 57adc5f Bump browser-run to support sandbox option. Closes [Snyk] Security upgrade xo from 0.16.0 to 0.40.3 #82
• ccad1ea Include more detailed Headless Testing section ([Snyk] Security upgrade standard from 11.0.1 to 15.0.0 #81)
• 31de6f9 8.0.0
• 20125a6 Bump browser-run to latest, fixing electron security issue ([Snyk] Fix for 5 vulnerabilities #80)
• e93c616 travis: update node versions
• 463bed9 7.0.0
• e032edb bump browser-run to 7.0.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use After Free

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: c304a61

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR