* refactor: clean up the default app, add CSP * chore: appease the linter * refactor: make js2asar more generic, dont assume default_app as target
* fix dependency vulnerabilities * fix vulnerabilities in spec
In order to have 100% reproducible builds, Electron needs package-lock.json. This is necessary because some dependencies affect the build output (browserify for example, is used to generate the common js environment for sandboxed renderers).