◐ Shell
clean mode source ↗

[Snyk] Fix for 1 vulnerabilities by jmatsushita · Pull Request #22 · contentascode/nodegit

contentascode

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 718/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5		 Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-gyp The new version differs by 212 commits.
  • 33affe2 v7.0.0: bump version and update changelog
  • ba4f34b doc: update catalina xcode clt download link
  • f7bfce9 doc: update acid test and introduce curl|bash test script
  • 4937722 deps: replace mkdirp with {recursive} mkdir
  • a6b76a8 gyp: update gyp to 0.2.1
  • e529f33 doc: update README to reflect upgrade to gyp-next
  • ebc34ec gyp: update gyp to 0.2.0
  • 9aed628 doc: give more attention to Catalina issues doc
  • 963f2a7 doc: improve cataline discoverability for search engines
  • d45438a deps: update deps, match to npm@7
  • 5f47b7a v5.1.1: bump version and update changelog
  • c255ffb lib: drop "-2" flag for "py.exe" launcher
  • 741ab09 test: remove support for EOL versions of Node.js
  • 6356117 doc, bin: stop suggesting opening node-gyp issues
  • 7b75af3 doc: add macOS Catalina software update info
  • 4f23c7b doc: update link to the code of conduct (#2073)
  • 473cfa2 doc: note in README that Python 3.8 is supported (#2072)
  • e18a61a build: shrink bloated addon binaries on windows
  • ca86ef2 test: bump actions/checkout from v1 to v2
  • e7402b4 doc: update catalina xcode cli tools download link (#2044)
  • 972780b gyp: sync code base with nodejs repo ("undefined symbol: gcry_control" after building in linux/amd64 alpine nodegit/nodegit#1975)
  • dab0305 v5.1.0: bump version and update changelog
  • 35de459 doc: update catalina xcode cli tools download link; formatting
  • 4864219 doc: add download link for Command Line Tools for Xcode

See the full diff

Package name: node-pre-gyp The new version differs by 136 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')