{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":422940825,"defaultBranch":"default","name":"example-electron-playwright","ownerLogin":"sthagen","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2021-10-30T16:58:54.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/450800?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1635613134.867143","currentOid":""},"activityList":{"items":[{"before":"0413aa6fcd658d17b6faa8e5afb0ff029b3909f0","after":"5c824cf71057250fd768f5112b6d54e7446c145f","ref":"refs/heads/default","pushedAt":"2023-12-26T19:23:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sthagen","name":"Stefan Hagen","path":"/sthagen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/450800?s=80&v=4"},"commit":{"message":"Bumped electron version to 26\n\n- still have the CVE-2022-33987 - Got allows a redirect to a UNIX socket\n  with an estimated CVSSv3.1 base score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n  npm audit claims we could fix by bumping to electron-chromedriver@27.2.0, which is a breaking change\n- all tests pass, so for now we store this working version on our way to a present supported version of electron\n\nSigned-off-by: Stefan Hagen <stefan@hagen.link>","shortMessageHtmlLink":"Bumped electron version to 26"}},{"before":"2f2ff1324fdba1dfac3cf9a13fc3829fa5e58d38","after":"0413aa6fcd658d17b6faa8e5afb0ff029b3909f0","ref":"refs/heads/default","pushedAt":"2023-12-26T19:21:22.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sthagen","name":"Stefan Hagen","path":"/sthagen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/450800?s=80&v=4"},"commit":{"message":"Bumped electron version to 25\n\n- still have the CVE-2022-33987 - Got allows a redirect to a UNIX socket\n  with an estimated CVSSv3.1 base score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n  npm audit claims we could fix by bumping to electron-chromedriver@27.2.0, which is a breaking change\n- all tests pass, so for now we store this working version on our way to a present supported version of electron\n\nSigned-off-by: Stefan Hagen <stefan@hagen.link>","shortMessageHtmlLink":"Bumped electron version to 25"}},{"before":"81459a2325eeb4a7c42b61ecff41b00a6af57a2a","after":"2f2ff1324fdba1dfac3cf9a13fc3829fa5e58d38","ref":"refs/heads/default","pushedAt":"2023-12-26T19:16:44.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sthagen","name":"Stefan Hagen","path":"/sthagen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/450800?s=80&v=4"},"commit":{"message":"Bumped electron to 24\n\n- Fixed (again) CVE-2023-44402 - ASAR Integrity bypass via filetype confusion in electron\n  with an estimated CVSSv3.1 base score of 6.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L)\n- still have the CVE-2022-33987 - Got allows a redirect to a UNIX socket\n  with an estimated CVSSv3.1 base score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n  npm audit claims we could fix by bumping to electron-chromedriver@27.2.0, which is a breaking change\n- all tests pass, so for now we store this working version on our way to a present supported version of electron\n\nSigned-off-by: Stefan Hagen <stefan@hagen.link>","shortMessageHtmlLink":"Bumped electron to 24"}},{"before":"1577fb85a7be6b433bfe5079247546e06e5203c8","after":"81459a2325eeb4a7c42b61ecff41b00a6af57a2a","ref":"refs/heads/default","pushedAt":"2023-12-26T19:05:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sthagen","name":"Stefan Hagen","path":"/sthagen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/450800?s=80&v=4"},"commit":{"message":"Bumped electron to 23\n\n- thus, re-introduced CVE-2023-44402 - ASAR Integrity bypass via filetype confusion in electron\n  with an estimated CVSSv3.1 base score of 6.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L)\n- we also still have the CVE-2022-33987 - Got allows a redirect to a UNIX socket\n  with an estimated CVSSv3.1 base score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n  npm audit claims we could fix by bumping to electron-chromedriver@27.2.0, which is a breaking change\n- all tests pass, so for now we store this working version on our way to a present supported version of electron\n\nSigned-off-by: Stefan Hagen <stefan@hagen.link>","shortMessageHtmlLink":"Bumped electron to 23"}},{"before":"6c813f7d46652920416aab94a1b36b81df78c0d1","after":"1577fb85a7be6b433bfe5079247546e06e5203c8","ref":"refs/heads/default","pushedAt":"2023-12-26T16:54:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sthagen","name":"Stefan Hagen","path":"/sthagen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/450800?s=80&v=4"},"commit":{"message":"Fixed 3/4 vulns for real (noisy typos)\n\n- Fixed CVE-2023-39956 - Electron vulnerable to out-of-package code execution when launched with arbitrary cwd\n  with an estimated CVSSv3.1 base score of 6.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L)\n- Fixed CVE-2023-5217 - Electron affected by libvpx's heap buffer overflow in vp8 encoding\n  with an estimated CVSSv3.1 base score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n- Fixed CVE-2023-44402 - ASAR Integrity bypass via filetype confusion in electron\n  with an estimated CVSSv3.1 base score of 6.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L)\n- The prvious commit only fixed CVE-2023-29198 - Electron context isolation bypass via nested unserializable return value\n  as the target versio of electron was 22.3.7 ionstaed of the intended 22.3.27 - sorry for the noise.\n\nSigned-off-by: Stefan Hagen <stefan@hagen.link>","shortMessageHtmlLink":"Fixed 3/4 vulns for real (noisy typos)"}},{"before":"181508587bbbc51cd83947eae113030294baae8b","after":"6c813f7d46652920416aab94a1b36b81df78c0d1","ref":"refs/heads/default","pushedAt":"2023-12-26T16:47:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sthagen","name":"Stefan Hagen","path":"/sthagen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/450800?s=80&v=4"},"commit":{"message":"Fixed several vulnerabilities per bump of electron\n\n- Fixed CVE-2023-39956 - Electron vulnerable to out-of-package code execution when launched with arbitrary cwd\n- Fixed CVE-2023-29198 - Electron context isolation bypass via nested unserializable return value\n- Fixed CVE-2023-5217 - Electron affected by libvpx's heap buffer overflow in vp8 encoding\n- Fixed CVE-2023-44402 - ASAR Integrity bypass via filetype confusion in electron\n\nSigned-off-by: Stefan Hagen <stefan@hagen.link>","shortMessageHtmlLink":"Fixed several vulnerabilities per bump of electron"}},{"before":"4e4a7e2e5afdfc4e87da39d5c74e6466db303318","after":"181508587bbbc51cd83947eae113030294baae8b","ref":"refs/heads/default","pushedAt":"2023-07-18T07:44:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sthagen","name":"Stefan Hagen","path":"/sthagen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/450800?s=80&v=4"},"commit":{"message":"Bumped impl deps (electron==18.3.7)","shortMessageHtmlLink":"Bumped impl deps (electron==18.3.7)"}},{"before":"5b38f1e1457fad03dec7c0a52f5a6169e1133d42","after":"4e4a7e2e5afdfc4e87da39d5c74e6466db303318","ref":"refs/heads/default","pushedAt":"2023-07-18T07:38:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sthagen","name":"Stefan Hagen","path":"/sthagen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/450800?s=80&v=4"},"commit":{"message":"Case change to trigger remote git notification ...","shortMessageHtmlLink":"Case change to trigger remote git notification ..."}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAD0lMpuQA","startCursor":null,"endCursor":null}},"title":"Activity · sthagen/example-electron-playwright"}