[Snyk] Fix for 2 vulnerabilities by snyk-bot · Pull Request #12 · contentascode/nodegit
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2 | Arbitrary File Overwrite SNYK-JS-TAR-1536528 | Yes | No Known Exploit |
| | 696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2 | Arbitrary File Overwrite SNYK-JS-TAR-1536531 | Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: node-gyp
The new version differs by 49 commits.
- 41f2b23 4.0.0
- 35e765b doc: update changelog
- ceed5cb deps: updated tar package version to 4.4.8
- 374519e Upgrade to tar v3
- e6699d1 test: fix addon test for Node.js 12 and V8 7.4
- 0c6bf53 lib: use print() for python version detection
- 9a404d6 3.8.0
- 9b9d98f doc: update changelog
- c5929cb doc: update Xcode preferences tab name.
- 8b488da doc: update link to commit guidelines
- b4fe8c1 doc: fix visual studio links
- 536759c configure: use sys.version_info to get python version
- 94c39c6 gyp: fix ninja build failure (GYP patch)
- e8ea74e tools: patch gyp to avoid xcrun errors
- ea9aff4 tools: fix "the the" typos in comments
- 207e5aa gyp: implement LD/LDXX for ninja and FIPS
- b416c5f gyp: enable cctest to use objects (gyp part)
- 40692d0 gyp: add compile_commands.json gyp generator
- fc3c4e2 gyp: float gyp patch for long filenames
- 8aedbfd gyp: backport GYP fix to fix AIX shared suffix
- 6cd84b8 test: formatting and minor fixes for execFileSync replacement
- 60e4213 test: added test/processExecSync.js for when execFileSync is not available.
- 969447c deps: bump request to 2.8.7, fixes heok/hawk issues
- 340403c win: improve parsing of SDK version
Package name: node-pre-gyp
The new version differs by 39 commits.
- 2844fa4 bump to v0.8.0 with N-API support
- b22612c remove node-pre-gyp dep from app7 package.json
- 9bb97af Merge pull request #345 from inspiredware/napi-support
- c31cce4 Merge branch 'master' into napi-support
- cf3ebb6 bump to v0.7.1 with tar v4.x
- 9bc1ff3 avoid double declare of tape in devDeps
- b1ce220 fix package.json syntax
- e9fb2e5 Merge pull request #299 from isaacs/master
- 81f2e60 Merge branch 'master' into master
- e7bb6cd bump to v0.7.0 / drop node v0.10.x support
- 837c48b update versions
- af507d1 Merge pull request #347 from krotscheck/hawk
- eda90e0 Remove dependency on hawk, upgrade request
- 9684ef6 Another CI build tweak
- 9870491 Addresses CI build errors
- b2ed35a update with latest versions
- e352a05 kick travis
- 37eb637 bump to v0.6.40
- 8f7c497 CI tweaks
- 488ac7b Fix for code cleanup
- 82a641e Code cleanup.
- f0719bd Fix for reveal command
- 1122fdb Fixes clean and app7 for automated testing
- 411f5be Windows fixes
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.