[Snyk] Security upgrade @electron/rebuild from 3.6.0 to 3.7.0

[mm-prodsec-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • e2e/package.json
  • e2e/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @electron/rebuild

The new version differs by 26 commits.

• 96b462a feat: Change node-gyp to @ electron/node-gyp (Slight UI server tabs issue in 4.4.0-rc0 #1157)
• a235385 chore: bump continuousauth/npm to 2.1.1 (main) ([MM-21400] Enable setuid on linux packaging #1156)
• 683129a fix: allow using forks for prebuilt modules (Add pl-PL as spellchecker #1155)
• 9ebf9bd build: ensure setuptools is available on windows
• cc184c3 build: use supported circle windows image
• dd2321c chore: fix lint
• 0bd2100 fix: cross-platform prebuild downloads (Automatic Startup in Windows 10 does not work #1153)
• b1fb8d6 chore: enforce semicolons via eslint ([POC - no merge]: webview -> browserView #1154)
• cb372cd build: fix repository.url in package.json (Client comes with screenshot function?   #1150)
• 14ddd55 chore(deps): bump micromatch from 4.0.4 to 4.0.8 ([MM-21195] add file extension on download #1149)
• f5872bb chore(deps): bump amannn/action-semantic-pull-request from 5.5.2 to 5.5.3 (relocation error: libc.so.6: symbol _dl_starting_up, version GLIBC_PRIVATE not defined in file ld-linux-x86-64.so.2 with link time reference #1147)
• d1fbc59 docs: update option documentation (reply opens sidebar with the cursor in search box #1141)
• b8ac6db chore(deps): bump bcrypt from 3.0.6 to 5.0.0 in /test/fixture/native-app1 (Block formatted input is difficult in Mattermost #1146)
• 670c3ea test: add yarn.lock for native-app1 fixture (MM-20627: Create SECURITY.md #1145)
• bfd050c chore(deps): bump braces from 3.0.2 to 3.0.3 (Improve E2E and enable skipped tests #1144)
• 29c0e2d chore: bump electronjs/node to 2.3.0 (main) ([MM-21469] refactor: e2e test improvements #1142)
• a93581c chore: bump electronjs/node to 2.2.3 (main) ([MM-20363] prevent using api to navigate within the app's window #1137)
• 867e178 chore: bump electronjs/node to 2.2.2 (main) ([MM-20795] Added auto focus on Server Display Name input field #1135)
• de9dd15 chore(deps): bump amannn/action-semantic-pull-request from 5.4.0 to 5.5.2 (Clicking on the + to connect a new server should default focus in the input field #1134)
• 2beab69 build: update yarn.lock to fix audit output ([MM-20822] Added cut/paste/zoom events to other pages and added exceptions for dev tools and new server modal #1133)
• 13a1c29 chore(deps): bump dsanders11/project-actions from 1.2.0 to 1.3.0 ([MM-20794] change suggestion on spellchecker locale change #1132)
• 86cbe44 chore(deps): bump dsanders11/project-actions from 1.1.0 to 1.2.0 (Not possible to open URLs in MM linux client #1131)
• b7d41e3 chore(deps): bump amannn/action-semantic-pull-request from 5.2.0 to 5.4.0 ([MM-21075] Prevent known teams to open in a new app window #1130)
• c7ee1a9 chore: use Dependabot to update GitHub Actions deps ([MM-20660] set white background for OSs which have turned off subpixel aliasing #1129)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[mm-cloud-bot]

@mm-prodsec-bot: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

I understand the commands that are listed here

[devinbinnie]

This is fine with me.
@yasserfaraazkhan Can you run the E2E tests for each OS and make sure everything still rebuilds correctly?

[github-actions]

Here are the test results below:

Test Summary for Linux on commit bd533d0

New failed tests found on Linux:

• menu/view MM-T816 Toggle Full Screen in the Menu Bar

Test Summary for macOS on commit bd533d0

All stable tests passed on macOS.

[yasserfaraazkhan]

@devinbinnie this is good to merge