fix: prod vulnerability with ffmpeg dependency #7495

Merged: 18 commits, Mar 24, 2023


mmaietta
Collaborator

Rewrote the code from the npm package into the electron-builder repo and updated the dependencies to resolve the vulnerability alert

changeset-bot bot commented Mar 24, 2023

🦋 Changeset detected

Latest commit: b7446ca

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 8 packages

| Name | Type |
|---|---|
| app-builder-lib | Patch |
| dmg-builder | Patch |
| electron-builder-squirrel-windows | Patch |
| electron-builder | Patch |
| electron-forge-maker-appimage | Patch |
| electron-forge-maker-nsis-web | Patch |
| electron-forge-maker-nsis | Patch |
| electron-forge-maker-snap | Patch |



netlify bot commented Mar 24, 2023

Deploy Preview for car-park-attendant-cleat-11576 ready!

| Name | Link |
|---|---|
| 🔨 Latest commit | b7446ca |
| 🔍 Latest deploy log | https://app.netlify.com/sites/car-park-attendant-cleat-11576/deploys/641db95da298080008e6a145 |
| 😎 Deploy Preview | https://deploy-preview-7495--car-park-attendant-cleat-11576.netlify.app |

@ItsHarper
Contributor

What is the risk of using downloadAlternateFFmpeg in 24.1.0?

@mmaietta
Collaborator Author

mmaietta commented Mar 24, 2023

@NoahAndrews, there's just a vulnerability in the `request` subdependency and removing the original dependency additions - it also may not work on Windows? Was able to refactor/rebuild the feature in a much simpler manner and verify the fix across all 3 OSes: Linux, Windows, Mac via unit tests

I'll be pushing out this release very shortly (today) for 24.1.1

@lurdbinanc

@NoahAndrews, there's just a vulnerability in the `request` subdependency and removing the original dependency additions - it also may not work on Windows? Was able to refactor/rebuild the feature in a much simpler manner and verify the fix across all 3 OSes: Linux, Windows, Mac via unit tests
v3.1
V3.0
V2.0
I'll be pushing out this release very shortly (today) for 24.1.1

3 participants