From c09a4bc4a80e2dc399bdeccf9e8c3ded68764aad Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 26 Mar 2024 21:37:31 +0000 Subject: [PATCH 1/8] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509 --- package-lock.json | 16 ++++++++-------- package.json | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9ab5558e4..13eec716c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "axios": "^1.6.5", "discord-rpc": "^4.0.1", "electron-store": "^8.1.0", - "express": "^4.18.3", + "express": "^4.19.2", "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", @@ -2620,9 +2620,9 @@ } }, "node_modules/cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", "engines": { "node": ">= 0.6" } @@ -3756,16 +3756,16 @@ } }, "node_modules/express": { - "version": "4.18.3", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.3.tgz", - "integrity": "sha512-6VyCijWQ+9O7WuVMTRBTl+cjNNIzD5cY5mQ1WM8r/LEkI2u8EYpOotESNwzNlyCn3g+dmjKYI6BmNneSr/FSRw==", + "version": "4.19.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", "body-parser": "1.20.2", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.5.0", + "cookie": "0.6.0", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", diff --git a/package.json b/package.json index a2c5d61a9..158f8167c 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "axios": "^1.6.5", "discord-rpc": "^4.0.1", "electron-store": "^8.1.0", - "express": "^4.18.3", + "express": "^4.19.2", "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", From 326038f26261815ebe28f503e294cf19e086ec02 Mon Sep 17 00:00:00 2001 From: TheRockYT <91672537+TheRockYT@users.noreply.github.com> Date: Thu, 4 Apr 2024 23:05:09 +0200 Subject: [PATCH 2/8] Remove custom implementation of MediaSessionService. It is disabled anyway. --- src/preload.ts | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/src/preload.ts b/src/preload.ts index 9bf463bdf..b1f610988 100644 --- a/src/preload.ts +++ b/src/preload.ts @@ -493,23 +493,6 @@ function getTrackID() { return window.location; } -function updateMediaSession(options: Options) { - if ("mediaSession" in navigator) { - navigator.mediaSession.metadata = new MediaMetadata({ - title: options.title, - artist: options.artists, - album: options.album, - artwork: [ - { - src: options.icon, - sizes: "640x640", - type: "image/png", - }, - ], - }); - } -} - /** * Watch for song changes and update title + notify */ @@ -574,9 +557,6 @@ setInterval(function () { } }).then(() => { updateMediaInfo(options, titleOrArtistsChanged); - if (titleOrArtistsChanged) { - updateMediaSession(options); - } }); } else { // just update the time From 84fd35ce0efb5eedfa692fe94a580a3583274300 Mon Sep 17 00:00:00 2001 From: TheRockYT <91672537+TheRockYT@users.noreply.github.com> Date: Thu, 4 Apr 2024 23:06:29 +0200 Subject: [PATCH 3/8] Remove implementation of global shortcuts for media control. --- src/main.ts | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/src/main.ts b/src/main.ts index f20b6ef5d..5d3daae15 100644 --- a/src/main.ts +++ b/src/main.ts @@ -3,14 +3,12 @@ import { app, BrowserWindow, components, - globalShortcut, ipcMain, protocol, session, } from "electron"; import path from "path"; import { globalEvents } from "./constants/globalEvents"; -import { mediaKeys } from "./constants/mediaKeys"; import { settings } from "./constants/settings"; import { setDefaultFlags, setManagedFlagsFromSettings } from "./features/flags/flags"; import { @@ -147,14 +145,6 @@ function registerHttpProtocols() { } } -function addGlobalShortcuts() { - Object.keys(mediaKeys).forEach((key) => { - globalShortcut.register(`${key}`, () => { - mainWindow.webContents.send("globalEvent", `${(mediaKeys as any)[key]}`); - }); - }); -} - // This method will be called when Electron has finished // initialization and is ready to create browser windows. // Some APIs can only be used after this event occurs. @@ -174,7 +164,6 @@ app.on("ready", async () => { createWindow(); addMenu(mainWindow); createSettingsWindow(); - addGlobalShortcuts(); if (settingsStore.get(settings.trayIcon)) { addTray(mainWindow, { icon }); refreshTray(mainWindow); From 712330f8f17b1a7d2488043f29eb68de4c88ce28 Mon Sep 17 00:00:00 2001 From: TheRockYT <91672537+TheRockYT@users.noreply.github.com> Date: Thu, 4 Apr 2024 23:08:18 +0200 Subject: [PATCH 4/8] Enable MediaSessionService flag to allow listen.tidal.com to control it. --- src/features/flags/flags.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/features/flags/flags.ts b/src/features/flags/flags.ts index 8b156e2c3..df5dbef5e 100644 --- a/src/features/flags/flags.ts +++ b/src/features/flags/flags.ts @@ -9,7 +9,6 @@ import { Logger } from "../logger"; */ export function setDefaultFlags(app: App) { setFlag(app, "disable-seccomp-filter-sandbox"); - setFlag(app, "disable-features", "MediaSessionService"); } /** From d3330472691533bfd852811dd423e44603c227cf Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 16 Apr 2024 20:24:56 +0000 Subject: [PATCH 5/8] fix: upgrade axios from 1.6.5 to 1.6.8 Snyk has created this PR to upgrade axios from 1.6.5 to 1.6.8. See this package in npm: https://www.npmjs.com/package/axios See this project in Snyk: https://app.snyk.io/org/mastermindzh/project/dade8f03-2064-49a3-8957-edbacec3887c?utm_source=github&utm_medium=referral&page=upgrade-pr --- package-lock.json | 10 +++++----- package.json | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 13eec716c..e3dcb81d7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "MIT", "dependencies": { "@electron/remote": "^2.1.2", - "axios": "^1.6.5", + "axios": "^1.6.8", "discord-rpc": "^4.0.1", "electron-store": "^8.1.0", "express": "^4.19.2", @@ -1890,11 +1890,11 @@ "integrity": "sha512-NmWvPnx0F1SfrQbYwOi7OeaNGokp9XhzNioJ/CSBs8Qa4vxug81mhJEAVZwxXuBmYB5KDRfMq/F3RR0BIU7sWg==" }, "node_modules/axios": { - "version": "1.6.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.5.tgz", - "integrity": "sha512-Ii012v05KEVuUoFWmMW/UQv9aRIc3ZwkWDcM+h5Il8izZCtRVpDUfwpoFf7eOtajT3QiGR4yDUx7lPqHJULgbg==", + "version": "1.6.8", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.8.tgz", + "integrity": "sha512-v/ZHtJDU39mDpyBoFVkETcd/uNdxrWRrg3bKpOKzXFA6Bvqopts6ALSMU3y6ijYxbw2B+wPrIv46egTzJXCLGQ==", "dependencies": { - "follow-redirects": "^1.15.4", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } diff --git a/package.json b/package.json index 158f8167c..2e365b4f2 100644 --- a/package.json +++ b/package.json @@ -40,7 +40,7 @@ "license": "MIT", "dependencies": { "@electron/remote": "^2.1.2", - "axios": "^1.6.5", + "axios": "^1.6.8", "discord-rpc": "^4.0.1", "electron-store": "^8.1.0", "express": "^4.19.2", From 29465ce13a3731da2d19168a8022b6af63ff6d8c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 16 Apr 2024 20:25:00 +0000 Subject: [PATCH 6/8] fix: upgrade electron-store from 8.1.0 to 8.2.0 Snyk has created this PR to upgrade electron-store from 8.1.0 to 8.2.0. See this package in npm: https://www.npmjs.com/package/electron-store See this project in Snyk: https://app.snyk.io/org/mastermindzh/project/dade8f03-2064-49a3-8957-edbacec3887c?utm_source=github&utm_medium=referral&page=upgrade-pr --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 13eec716c..0e080d5c3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@electron/remote": "^2.1.2", "axios": "^1.6.5", "discord-rpc": "^4.0.1", - "electron-store": "^8.1.0", + "electron-store": "^8.2.0", "express": "^4.19.2", "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", @@ -3429,9 +3429,9 @@ } }, "node_modules/electron-store": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/electron-store/-/electron-store-8.1.0.tgz", - "integrity": "sha512-2clHg/juMjOH0GT9cQ6qtmIvK183B39ZXR0bUoPwKwYHJsEF3quqyDzMFUAu+0OP8ijmN2CbPRAelhNbWUbzwA==", + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/electron-store/-/electron-store-8.2.0.tgz", + "integrity": "sha512-ukLL5Bevdil6oieAOXz3CMy+OgaItMiVBg701MNlG6W5RaC0AHN7rvlqTCmeb6O7jP0Qa1KKYTE0xV0xbhF4Hw==", "dependencies": { "conf": "^10.2.0", "type-fest": "^2.17.0" diff --git a/package.json b/package.json index 158f8167c..3810106e9 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ "@electron/remote": "^2.1.2", "axios": "^1.6.5", "discord-rpc": "^4.0.1", - "electron-store": "^8.1.0", + "electron-store": "^8.2.0", "express": "^4.19.2", "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", From a75b0336dbddf8af9de6c318e966851e8d7ebeaf Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 16 Apr 2024 20:25:03 +0000 Subject: [PATCH 7/8] fix: upgrade sass from 1.71.1 to 1.72.0 Snyk has created this PR to upgrade sass from 1.71.1 to 1.72.0. See this package in npm: https://www.npmjs.com/package/sass See this project in Snyk: https://app.snyk.io/org/mastermindzh/project/dade8f03-2064-49a3-8957-edbacec3887c?utm_source=github&utm_medium=referral&page=upgrade-pr --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 13eec716c..d902fc3d8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", - "sass": "^1.71.1" + "sass": "^1.72.0" }, "devDependencies": { "@mastermindzh/prettier-config": "^1.0.0", @@ -7053,9 +7053,9 @@ } }, "node_modules/sass": { - "version": "1.71.1", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.71.1.tgz", - "integrity": "sha512-wovtnV2PxzteLlfNzbgm1tFXPLoZILYAMJtvoXXkD7/+1uP41eKkIt1ypWq5/q2uT94qHjXehEYfmjKOvjL9sg==", + "version": "1.72.0", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.72.0.tgz", + "integrity": "sha512-Gpczt3WA56Ly0Mn8Sl21Vj94s1axi9hDIzDFn9Ph9x3C3p4nNyvsqJoQyVXKou6cBlfFWEgRW4rT8Tb4i3XnVA==", "dependencies": { "chokidar": ">=3.0.0 <4.0.0", "immutable": "^4.0.0", diff --git a/package.json b/package.json index 158f8167c..e26abc5d0 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", - "sass": "^1.71.1" + "sass": "^1.72.0" }, "devDependencies": { "@mastermindzh/prettier-config": "^1.0.0", From 755816c2b8f540dd9c4f1c4fc7544016bb516019 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 25 Apr 2024 04:29:39 +0000 Subject: [PATCH 8/8] fix: upgrade sass from 1.72.0 to 1.74.1 Snyk has created this PR to upgrade sass from 1.72.0 to 1.74.1. See this package in npm: https://www.npmjs.com/package/sass See this project in Snyk: https://app.snyk.io/org/mastermindzh/project/dade8f03-2064-49a3-8957-edbacec3887c?utm_source=github&utm_medium=referral&page=upgrade-pr --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index c3335fe80..c89e8e36f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", - "sass": "^1.72.0" + "sass": "^1.74.1" }, "devDependencies": { "@mastermindzh/prettier-config": "^1.0.0", @@ -7053,9 +7053,9 @@ } }, "node_modules/sass": { - "version": "1.72.0", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.72.0.tgz", - "integrity": "sha512-Gpczt3WA56Ly0Mn8Sl21Vj94s1axi9hDIzDFn9Ph9x3C3p4nNyvsqJoQyVXKou6cBlfFWEgRW4rT8Tb4i3XnVA==", + "version": "1.74.1", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.74.1.tgz", + "integrity": "sha512-w0Z9p/rWZWelb88ISOLyvqTWGmtmu2QJICqDBGyNnfG4OUnPX9BBjjYIXUpXCMOOg5MQWNpqzt876la1fsTvUA==", "dependencies": { "chokidar": ">=3.0.0 <4.0.0", "immutable": "^4.0.0", diff --git a/package.json b/package.json index 3550a7d0d..b038cb8e2 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", - "sass": "^1.72.0" + "sass": "^1.74.1" }, "devDependencies": { "@mastermindzh/prettier-config": "^1.0.0",