[Snyk] Upgrade @electron-forge/maker-zip from 7.3.0 to 7.4.0 #15
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade @electron-forge/maker-zip from 7.3.0 to 7.4.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 2 versions ahead of your current version.
The recommended version was released a month ago, on 2024-04-11.
Release notes
Package name: @electron-forge/maker-zip
What's Changed
Highlighted Feature:
This version of Forge enables the new Windows ASAR integrity feature in Electron. When ASAR integrity is enabled, your Electron app will verify the header hash of the ASAR archive on runtime. If no hash is present or if there is a mismatch in the hashes, the app will forcefully terminate.
More information about this feature can be found in Electron's documentation here: https://github.com/electron/electron/blob/main/docs/tutorial/asar-integrity.md#using-electron-tooling
Bug Fixes and Improvements
plugin-fuses
to import script by @ Santhoshmani1 in #3535New Contributors
Full Changelog: v7.3.1...v7.4.0
What's Changed
Highlighted Feature:
This change enables advanced code signing with [@ electron/windows-sign][@ electron/windows-sign], supporting two different ways to codesign your application and the installer:
Modern: By passing a
windowsSign
option, which will be passed to [@ electron/windows-sign]. This method allows full customization of the code-signing process - and supports more complicated scenarios like cloud-hosted EV certificates, custom sign pipelines, and per-file overrides. It also supports all existing "simple" codesigning scenarios, including just passing a certificate file and password. Please see https://github.com/@ electron/windows-sign for all possible configuration options.When passing
windowsSign
, do not pass any other available parameters at the top level (likecertificateFile
,certificatePassword
, orsignWithParams
).Legacy: By passing the top-level settings (
certificateFile
,certificatePassword
, andsignWithParams
). For simple codesigning scenarios, there's no reason not to use this method - it'll work just as fine as the modern method.Bug Fixes and Improvements
fix(publisher-github): don't sanitize asset names before upload by @ dsanders11 in #3485
build: bump memory limit for docs:generate script by @ dsanders11 in #3500
build: fix keyv type resolution warning during dev by @ MarshallOfSound in #3507
build(deps): bump actions/setup-node from 4.0.1 to 4.0.2 by @ dependabot in #3522
build(deps): bump follow-redirects from 1.15.4 to 1.15.6 by @ dependabot in #3537
ci(windows): pin version of wix toolset to v3.14.0 by @ erickzhao in #3525
docs: update forge create-electron-app template to match tutorial by @ alicelovescake in #3528
New Contributors
Full Changelog: v7.3.0...v7.3.1
What's Changed
Features
Fixes
Performance
Other Changes
New Contributors
Full Changelog: v7.2.0...v7.3.0
Commit messages
Package name: @electron-forge/maker-zip
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.