[Snyk] Upgrade electron-notarize from 1.0.0 to 1.2.1

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade electron-notarize from 1.0.0 to 1.2.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 4 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2022-03-24.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Privilege Management SNYK-JS-SHELLJS-2332187	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: electron-notarize

• 1.2.1 - 2022-03-24
  

  1.2.1 (2022-03-24)

  Bug Fixes

  • make notary tool file extension agnostic (#95) (8c3d695)
• 1.1.1 - 2021-09-02
  

  1.1.1 (2021-09-02)

  Bug Fixes

  • export NotarizeOptions (204e0cb)
• 1.1.0 - 2021-08-06
  

  1.1.0 (2021-08-06)

  Features

  • add support for the new Xcode 13 notarytool (#82) (7c15b42)
• 1.0.1 - 2021-07-31
  

  1.0.1 (2021-07-31)

  Bug Fixes

  • use ditto instead of zip (#57) (2c7274f)
• 1.0.0 - 2020-06-09
  

  1.0.0 (2020-06-09)

  Build System

  • deps: upgrade fs-extra to ^9.0.1 (38971ea)

  BREAKING CHANGES

  • deps: Requires Node >= 10.0.0.

from electron-notarize GitHub release notes

Commit messages

Package name: electron-notarize

• f8b7282 build(deps): bump tmpl from 1.0.4 to 1.0.5 (Update ipfsd-ctl to version 0.6.0 🚀 ipfs/ipfs-desktop#89)
• 8c3d695 fix: make notary tool file extension agnostic (Update babel-core to version 6.0.18 🚀 ipfs/ipfs-desktop#95)
• 7847e27 feat: make --keychain option optional (Update babel-core to version 6.0.17 🚀 ipfs/ipfs-desktop#94)
• 204e0cb fix: export NotarizeOptions
• a6565cd build(deps): bump tar from 4.4.15 to 4.4.19
• a11346f build(deps): bump path-parse from 1.0.6 to 1.0.7 (Update babel to version 6.0.14 🚀 ipfs/ipfs-desktop#85)
• 7c15b42 feat: add support for the new Xcode 13 notarytool (Update babel to version 6.0.12 🚀 ipfs/ipfs-desktop#82)
• bc286ff Merge pull request Update winston to version 2.0.0 🚀 ipfs/ipfs-desktop#81 from electron/dependabot/npm_and_yarn/tar-4.4.15
• 29afa69 build(deps): bump tar from 4.4.13 to 4.4.15
• 2c7274f fix: use ditto instead of zip (Configure Renovate - autoclosed #57)
• e7ea248 Merge pull request Update babel to version 6.0.2 🚀 ipfs/ipfs-desktop#76 from electron/dependabot/npm_and_yarn/normalize-url-4.5.1
• 218c6f6 Merge pull request Update babel-core to version 6.0.2 🚀 ipfs/ipfs-desktop#79 from electron/dependabot/npm_and_yarn/acorn-6.4.2
• e4b84c7 build(deps): bump acorn from 6.4.0 to 6.4.2
• df15819 Merge pull request Update babel-core to version 6.0.0 🚀 ipfs/ipfs-desktop#78 from electron/dependabot/npm_and_yarn/glob-parent-5.1.2
• 19bc6c2 build(deps): bump glob-parent from 5.1.0 to 5.1.2
• baec84d build(deps): bump normalize-url from 4.5.0 to 4.5.1
• ace1375 Merge pull request chore(deps): bump unzip-stream from 0.3.0 to 0.3.4 devcode1981/ipfs-desktop#74 from electron/dependabot/npm_and_yarn/ws-7.4.6
• cc0de33 build(deps): bump ws from 7.2.1 to 7.4.6
• b188274 build(deps): bump hosted-git-info from 2.8.8 to 2.8.9
• 18d2e24 build(deps): bump handlebars from 4.7.6 to 4.7.7
• 2318883 build(deps): bump ssri from 6.0.1 to 6.0.2
• 6aae9f6 build(deps): bump lodash from 4.17.19 to 4.17.21
• 1229c90 Merge pull request chore(deps): bump minimist from 1.2.5 to 1.2.7 devcode1981/ipfs-desktop#67 from electron/dependabot/npm_and_yarn/y18n-3.2.2
• 16e3378 build(deps): bump y18n from 3.2.1 to 3.2.2

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs