
TheRedHatter (Owner)


Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • doc/js_tutorials/js_assets/webnn-electron/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue | Score
medium severity: Improper Isolation or Compartmentalization (SNYK-JS-ELECTRON-9572084) | 845

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

… vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELECTRON-9572084

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package | New capabilities | Transitives | Size | Publisher
npm/[email protected]33.4.8 | Transitive: network | +69 | 3.14 MB | electron-nightly, electronhq
pypi/[email protected] | None | 0 | 9.45 kB | mihaimaruseac, rostam, tf-nightly
pypi/[email protected] | Transitive: environment, eval, filesystem, unsafe | +238 | 2.05 GB | (not listed)
pypi/[email protected] | Transitive: environment, eval, filesystem, shell, unsafe | +12 | 1.55 GB | atalman, facebook, malfet, ...2 more
pypi/[email protected] | Transitive: environment, eval, filesystem, shell | +73 | 309 MB | atalman, ezyang, facebook, ...3 more

View full report↗︎

@TheRedHatter (Owner, Author)

Checkmarx One – Scan Summary & Details (scan d3ed6b58-b094-4d02-98a7-a1933f4b231f)

New Issues (28)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight

CRITICAL | CVE-2017-1000487 | Maven-org.codehaus.plexus:plexus-utils-3.0 | Vulnerable Package
    Recommended version: 3.0.24
    Description: Plexus-utils versions prior to 3.0.16 are vulnerable to command injection because it does not correctly process the contents of double quoted strings.
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2018-7712 | Python-opencv-python-4.5.5.64 | Vulnerable Package
    Description: ** DISPUTED ** The validateInputImageSize function in `modules/imgcodecs/src/loadsave.cpp` in OpenCV allows remote attackers to cause a denial of s...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2018-7713 | Python-opencv-python-4.5.5.64 | Vulnerable Package
    Description: ** DISPUTED ** The "validateInputImageSize" function in "modules/imgcodecs/src/loadsave.cpp" in OpenCV allows remote attackers to cause a denial of...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2019-9423 | Python-opencv-python-4.5.5.64 | Vulnerable Package
    Description: In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of priv...
    Attack Vector: LOCAL
    Attack Complexity: LOW

HIGH | CVE-2021-35515 | Maven-org.apache.commons:commons-compress-1.4.1 | Vulnerable Package
    Recommended version: 1.26.0
    Description: When reading a specially crafted 7Z archive before 1.21, the construction of the list of codecs that decompress an entry can result in an infinite ...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2021-35516 | Maven-org.apache.commons:commons-compress-1.4.1 | Vulnerable Package
    Recommended version: 1.26.0
    Description: When reading a specially crafted 7Z archive, Compress before 1.21 can be made to allocate large amounts of memory that finally leads to an out of m...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2021-35517 | Maven-org.apache.commons:commons-compress-1.4.1 | Vulnerable Package
    Recommended version: 1.26.0
    Description: When reading a specially crafted TAR archive, Compress before 1.21 can be made to allocate large amounts of memory that finally leads to an out of ...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2021-37714 | Maven-org.jsoup:jsoup-1.6.1 | Vulnerable Package
    Recommended version: 1.15.3
    Description: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS a...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2021-43138 | Npm-async-1.5.2 | Vulnerable Package
    Recommended version: 2.6.4
    Description: In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the "mapValues()" method, aka "lib/internal/iterator.js" "cr...
    Attack Vector: LOCAL
    Attack Complexity: LOW

HIGH | CVE-2022-4244 | Maven-org.codehaus.plexus:plexus-utils-3.0 | Vulnerable Package
    Recommended version: 3.0.24
    Description: A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outs...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2023-2618 | Cpp-opencv-4.5.5 | Vulnerable Package
    Recommended version: 4.5.5-openvino-2022.1.0
    Description: A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module versions prior to 4.8.0. Affected by this issue...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2023-2618 | Cpp-opencv-3.4.20 | Vulnerable Package
    Recommended version: 4.8.0
    Description: A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module versions prior to 4.8.0. Affected by this issue...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2023-4863 | Python-opencv-python-4.5.5.64 | Vulnerable Package
    Recommended version: 4.8.1.78
    Description: A Heap-Based Buffer Overflow vulnerability in "libwebp" in versions prior to 1.3.2 allows an attacker to perform an out-of-bounds memory write. Th...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2024-10569 | Python-gradio-5.23.1 | Vulnerable Package
    Description: A vulnerability in the dataframe component of gradio-app/gradio allows for a zip bomb attack. The component uses "pd.read_csv" to process input val...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2024-10624 | Python-gradio-5.23.1 | Vulnerable Package
    Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio, affecting the "gr.Datetime" component. The vulnerabil...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2024-10648 | Python-gradio-5.23.1 | Vulnerable Package
    Description: A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of versions 3.45.0b12 through 3.45.0b13 and 4.0.0b15 a...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | CVE-2024-47554 | Maven-commons-io:commons-io-2.4 | Vulnerable Package
    Recommended version: 2.11.0.redhat-00004
    Description: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The "org.apache.commons.io.input.XmlStreamReader" class may excessively consu...
    Attack Vector: NETWORK
    Attack Complexity: LOW

HIGH | Cxdca8e59f-8bfe | Npm-inflight-1.0.6 | Vulnerable Package
    Description: In NPM `inflight` there is a Memory Leak because some resources are not freed correctly after being used. It appears to affect all versions, as the...
    Attack Vector: NETWORK
    Attack Complexity: LOW

MEDIUM | CVE-2012-5783 | Maven-commons-httpclient:commons-httpclient-3.1 | Vulnerable Package
    Description: Apache Commons HttpClient prior to 4.0-alpha1, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not ver...
    Attack Vector: NETWORK
    Attack Complexity: MEDIUM

MEDIUM | CVE-2015-6748 | Maven-org.jsoup:jsoup-1.6.1 | Vulnerable Package
    Recommended version: 1.15.3
    Description: Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
    Attack Vector: NETWORK
    Attack Complexity: LOW

MEDIUM | CVE-2018-11771 | Maven-org.apache.commons:commons-compress-1.4.1 | Vulnerable Package
    Recommended version: 1.26.0
    Description: When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the...
    Attack Vector: LOCAL
    Attack Complexity: LOW

MEDIUM | CVE-2020-13956 | Maven-commons-httpclient:commons-httpclient-3.1 | Vulnerable Package
    Description: Apache HttpClient can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong ta...
    Attack Vector: NETWORK
    Attack Complexity: LOW

MEDIUM | CVE-2020-15250 | Maven-junit:junit-4.11 | Vulnerable Package
    Recommended version: 4.13.1
    Description: In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like sys...
    Attack Vector: LOCAL
    Attack Complexity: LOW

MEDIUM | CVE-2021-29425 | Maven-commons-io:commons-io-2.4 | Vulnerable Package
    Recommended version: 2.11.0.redhat-00004
    Description: In Apache Commons IO from 2.2 up to 2.6, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\.....
    Attack Vector: NETWORK
    Attack Complexity: HIGH

MEDIUM | CVE-2022-36033 | Maven-org.jsoup:jsoup-1.6.1 | Vulnerable Package
    Recommended version: 1.15.3
    Description: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML...
    Attack Vector: NETWORK
    Attack Complexity: LOW

MEDIUM | CVE-2022-4245 | Maven-org.codehaus.plexus:plexus-utils-3.0 | Vulnerable Package
    Recommended version: 3.0.24
    Description: A flaw was found in codehaus-plexus versions prior to 3.0.24. The 'org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment' fails to sanitize comme...
    Attack Vector: NETWORK
    Attack Complexity: LOW

MEDIUM | CVE-2024-25710 | Maven-org.apache.commons:commons-compress-1.4.1 | Vulnerable Package
    Recommended version: 1.26.0
    Description: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress 1.3 thr...
    Attack Vector: LOCAL
    Attack Complexity: LOW

LOW | Cxeb68d52e-5509 | Maven-commons-codec:commons-codec-1.2 | Vulnerable Package
    Recommended version: 1.4.0.redhat-4
    Description: Apache commons-codec before 1.13 is vulnerable to information exposure. The Base32 and Base64 implementation blindly decode invalid string, which c...
    Attack Vector: NETWORK
    Attack Complexity: HIGH

Fixed Issues (58)

Great job! The following issues were fixed in this Pull Request

Severity | Issue | Source File / Package
HIGH CVE-2021-37997 Npm-electron-15.5.7
HIGH CVE-2021-38005 Npm-electron-15.5.7
HIGH CVE-2021-4053 Npm-electron-15.5.7
HIGH CVE-2022-2399 Npm-electron-15.5.7
HIGH CVE-2022-2607 Npm-electron-15.5.7
HIGH CVE-2022-2609 Npm-electron-15.5.7
HIGH CVE-2022-2617 Npm-electron-15.5.7
HIGH CVE-2022-2854 Npm-electron-15.5.7
HIGH CVE-2022-2998 Npm-electron-15.5.7
HIGH CVE-2022-3051 Npm-electron-15.5.7
HIGH CVE-2022-3052 Npm-electron-15.5.7
HIGH CVE-2022-3071 Npm-electron-15.5.7
HIGH CVE-2022-3308 Npm-electron-15.5.7
HIGH CVE-2022-3657 Npm-electron-15.5.7
HIGH CVE-2022-3887 Npm-electron-15.5.7
HIGH CVE-2022-4452 Npm-electron-15.5.7
HIGH CVE-2023-0474 Npm-electron-15.5.7
HIGH CVE-2023-2135 Npm-electron-15.5.7
HIGH CVE-2023-3732 Npm-electron-15.5.7
HIGH CVE-2023-4074 Npm-electron-15.5.7
HIGH CVE-2023-4428 Npm-electron-15.5.7
HIGH CVE-2023-4429 Npm-electron-15.5.7
HIGH CVE-2023-5854 Npm-electron-15.5.7
HIGH CVE-2023-5857 Npm-electron-15.5.7
HIGH CVE-2023-6348 Npm-electron-15.5.7
HIGH CVE-2024-1673 Npm-electron-15.5.7
HIGH CVE-2024-2886 Npm-electron-15.5.7
HIGH CVE-2024-3832 Npm-electron-15.5.7
HIGH CVE-2024-3833 Npm-electron-15.5.7
HIGH CVE-2024-4761 Npm-electron-15.5.7
HIGH CVE-2024-6100 Npm-electron-15.5.7
HIGH CVE-2024-7023 Npm-electron-15.5.7
HIGH CVE-2024-7534 Npm-electron-15.5.7
HIGH CVE-2024-7973 Npm-electron-15.5.7
HIGH CVE-2024-8194 Npm-electron-15.5.7
HIGH CVE-2024-8636 Npm-electron-15.5.7
HIGH CVE-2024-9959 Npm-electron-15.5.7
HIGH CVE-2025-0291 Npm-electron-15.5.7
HIGH CVE-2025-0999 Npm-electron-15.5.7
HIGH CVE-2025-1915 Npm-electron-15.5.7
MEDIUM CVE-2021-38019 Npm-electron-15.5.7
MEDIUM CVE-2021-42307 Npm-electron-15.5.7
MEDIUM CVE-2022-0455 Npm-electron-15.5.7
MEDIUM CVE-2022-0806 Npm-electron-15.5.7
MEDIUM CVE-2022-21931 Npm-electron-15.5.7
MEDIUM CVE-2022-3310 Npm-electron-15.5.7
MEDIUM CVE-2022-3314 Npm-electron-15.5.7
MEDIUM CVE-2022-41115 Npm-electron-15.5.7
MEDIUM CVE-2022-4908 Npm-electron-15.5.7
MEDIUM CVE-2023-1226 Npm-electron-15.5.7
MEDIUM CVE-2023-4359 Npm-electron-15.5.7
MEDIUM CVE-2023-4906 Npm-electron-15.5.7
MEDIUM CVE-2024-0333 Npm-electron-15.5.7
MEDIUM CVE-2024-1676 Npm-electron-15.5.7
MEDIUM CVE-2024-26163 Npm-electron-15.5.7
MEDIUM CVE-2024-3843 Npm-electron-15.5.7
MEDIUM CVE-2024-7975 Npm-electron-15.5.7
MEDIUM CVE-2024-8907 Npm-electron-15.5.7
