electron-installer-common - npm Package Compare versions

Comparing version 0.6.0 to 0.6.1

NEWS.md

@@ -5,4 +5,12 @@ # `electron-installer-common` - Changes by Version
 
-[Unreleased]: https://github.com/electron-userland/electron-installer-common/compare/v0.6.0...master
+[Unreleased]: https://github.com/electron-userland/electron-installer-common/compare/v0.6.1...master
 
+## [0.6.1] - 2019-02-19
+
+[0.6.1]: https://github.com/electron-userland/electron-installer-common/compare/v0.6.0...v0.6.1
+
+### Fixed
+
+* Upgrade `asar` to `^1.0.0`, which removes a vulnerable transitive dependency (#15)
+
 ## [0.6.0] - 2019-01-22
@@ -9,0 +17,0 @@

package.json

 {
   "name": "electron-installer-common",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "Common functionality for creating distributable Electron apps",
@@ -38,3 +38,3 @@ "author": "Mark Lee",
   "dependencies": {
-    "asar": "^0.14.6",
+    "asar": "^1.0.0",
     "cross-spawn-promise": "^0.10.1",
@@ -41,0 +41,0 @@ "debug": "^4.1.1",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

33881

increased by0.65%

Number of medium supply chain risk alerts

0

decreased by-100%

Dependency changes

• + Addedasar@1.0.0(transitive)

• + Addedpify@4.0.1(transitive)

• - Removedabbrev@1.1.1(transitive)

• - Removedajv@6.12.6(transitive)

• - Removedasar@0.14.6(transitive)

• - Removedasn1@0.2.6(transitive)

• - Removedassert-plus@1.0.0(transitive)

• - Removedasynckit@0.4.0(transitive)

• - Removedaws-sign2@0.7.0(transitive)

• - Removedaws4@1.13.2(transitive)

• - Removedbcrypt-pbkdf@1.0.2(transitive)

• - Removedbinary@0.3.0(transitive)

• - Removedbuffers@0.1.1(transitive)

• - Removedcaseless@0.12.0(transitive)

• - Removedchainsaw@0.1.0(transitive)

• - Removedcombined-stream@1.0.8(transitive)

• - Removedcore-util-is@1.0.21.0.3(transitive)

• - Removeddashdash@1.14.1(transitive)

• - Removeddecompress-zip@0.3.3(transitive)

• - Removeddelayed-stream@1.0.0(transitive)

• - Removedecc-jsbn@0.1.2(transitive)

• - Removedextend@3.0.2(transitive)

• - Removedextsprintf@1.3.0(transitive)

• - Removedfast-deep-equal@3.1.3(transitive)

• - Removedfast-json-stable-stringify@2.1.0(transitive)

• - Removedforever-agent@0.6.1(transitive)

• - Removedform-data@2.3.3(transitive)

• - Removedfs-extra@0.26.7(transitive)

• - Removedgetpass@0.1.7(transitive)

• - Removedglob@6.0.4(transitive)

• - Removedhar-schema@2.0.0(transitive)

• - Removedhar-validator@5.1.5(transitive)

• - Removedhttp-signature@1.2.0(transitive)

• - Removedis-typedarray@1.0.0(transitive)

• - Removedisarray@0.0.1(transitive)

• - Removedisstream@0.1.2(transitive)

• - Removedjsbn@0.1.1(transitive)

• - Removedjson-schema@0.4.0(transitive)

• - Removedjson-schema-traverse@0.4.1(transitive)

• - Removedjson-stringify-safe@5.0.1(transitive)

• - Removedjsonfile@2.4.0(transitive)

• - Removedjsprim@1.4.2(transitive)

• - Removedklaw@1.3.1(transitive)

• - Removedmime-db@1.52.0(transitive)

• - Removedmime-types@2.1.35(transitive)

• - Removedmkpath@0.1.0(transitive)

• - Removedmksnapshot@0.3.5(transitive)

• - Removednopt@1.0.103.0.6(transitive)

• - Removedoauth-sign@0.9.0(transitive)

• - Removedos-tmpdir@1.0.2(transitive)

• - Removedperformance-now@2.1.0(transitive)

• - Removedpsl@1.9.0(transitive)

• - Removedpunycode@2.3.1(transitive)

• - Removedq@1.5.1(transitive)

• - Removedqs@6.5.3(transitive)

• - Removedreadable-stream@1.1.14(transitive)

• - Removedrequest@2.88.2(transitive)

• - Removedsafe-buffer@5.2.1(transitive)

• - Removedsafer-buffer@2.1.2(transitive)

• - Removedsshpk@1.18.0(transitive)

• - Removedstring_decoder@0.10.31(transitive)

• - Removedtmp@0.0.28(transitive)

• - Removedtouch@0.0.3(transitive)

• - Removedtough-cookie@2.5.0(transitive)

• - Removedtraverse@0.3.9(transitive)

• - Removedtunnel-agent@0.6.0(transitive)

• - Removedtweetnacl@0.14.5(transitive)

• - Removeduri-js@4.4.1(transitive)

• - Removeduuid@3.4.0(transitive)

• - Removedverror@1.10.0(transitive)

• Updatedasar@^1.0.0