grunt-electron latest version includes vulnerable mksnapshot

[jlindberg-oss]

Preflight Checklist

• I have read the contribution documentation for this project.
• I agree to follow the code of conduct that this project follows, as appropriate.
• I have searched the issue tracker for a bug that matches the one I want to file, without success.

Issue Details

#952 updated the asar dependency of electron-packager to move off of mksnapshot, which had a high severity vulnerability in a transitive dependency: https://www.npmjs.com/advisories/777

More details at electron/asar#165

However no release of grunt-electron has been created so the latest version (9.0.1) still includes the vulnerable dependency.

I am opening this issue here per the README of grunt-electron: https://github.com/sindresorhus/grunt-electron/blob/master/readme.md

To Reproduce

npm install --save grunt-electron
npm audit

[welcome]

👋 Thanks for opening your first issue here! If you have a question about using Electron Packager, read the support docs. If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. Development and issue triage is community-driven, so please be patient and we will get back to you as soon as we can.

To help make it easier for us to investigate your issue, please follow the contributing guidelines.

[malept]

Despite what the grunt-electron README says, this issue should be reported in the grunt-electron repository itself. electron-packager already has the dependency update, and grunt-electron just needs to be updated to electron-packager >= 13.1.0 as per the NEWS file.