[Snyk] Security upgrade node-pre-gyp from 0.6.39 to 0.17.0 by jmatsushita · Pull Request #25 · contentascode/nodegit
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
858/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.3 |
Authentication Bypass SNYK-JS-HAWK-6969142 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: node-pre-gyp
The new version differs by 136 commits.- de39503 bump to v0.17.0
- 39eb005 update deps
- dda7bdb skip less
- 834bbe0 latest releases
- 9611242 alt solution to Transfer callback stats are being converted wrong nodegit/nodegit#432 in order to fix windows/appveyor builds
- 3d3b4ee remove broken or partially broken badges
- 99b6f50 attempt to fix webkit tests per https://benlimmer.com/2019/01/14/travis-ci-xvfb/
- 6ff06c8 travis-ci.com link
- 27e150d latest node versions
- a78e473 remove tests related to python that shift depending on the node-gyp version
- ac2a149 Merge pull request Issues on scientific linux 6.6 nodegit/nodegit#521 from murgatroid99/version_0.16_update
- 8e7c199 Merge pull request Lots of complaints of missing build/Debug/nodegit nodegit/nodegit#520 from murgatroid99/abi_crosswalk_update_15
- 00c594c Bump to 0.16.0 and update changelog
- e8e0908 Update ABI crosswalk with new Node versions including 15.x
- 6ca1a1c Bumping to 0.15.0
- d5dfc55 Merge pull request Fix gitter badge for npm nodegit/nodegit#492 from mjziolko/mkdirp-vuln-fix
- c3ed2ff Merge branch 'master' into mkdirp-vuln-fix
- 73d6c8a Merge pull request Improve coverage nodegit/nodegit#502 from clehene/patch-1
- e0579c5 Update to the latest version of Needle (2.5.0)
- 3a3a0ed Merge pull request Bug with oid implicit cast inside C++ nodegit/nodegit#501 from murgatroid99/abi_crosswalk_update_14
- b8fe01f Update abi_crosswalk with new runtime versions
- 2c6a519 update crosswalk
- e8891b5 tUpdate mkdirp to 0.5.3 which removes the vulnerable dep on minimist: https://npmjs.com/advisories/1179
- ef634f9 Merge pull request Remove unneeded connect call from push example nodegit/nodegit#483 from murgatroid99/abi_crosswalk_update_13
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.
Learn how to fix vulnerabilities with free interactive lessons: