[Snyk] Fix for 3 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-gyp

The new version differs by 6 commits.

• 41f2b23 4.0.0
• 35e765b doc: update changelog
• ceed5cb deps: updated tar package version to 4.4.8
• 374519e Upgrade to tar v3
• e6699d1 test: fix addon test for Node.js 12 and V8 7.4
• 0c6bf53 lib: use print() for python version detection

See the full diff

Package name: npm-lifecycle

The new version differs by 7 commits.

• cf5f5ca chore(release): 2.1.1
• dbbfe27 deps: bump deps to fix security advisories
• e96f550 deps: update node-gyp to v4.0.0
• f6cef1c chore: update CI for current Node LTS
• c137ac7 deps: bump devDeps
• 62c07d3 deps: bump deps
• 220cd70 fix(test): update postinstall script for fixture

See the full diff

Package name: tar

The new version differs by 47 commits.

• 3e35515 4.4.18
• 52b09e3 fix: prevent path escape using drive-relative paths
• bb93ba2 fix: reserve paths properly for unicode, windows
• 2f1bca0 fix: prune dirCache properly for unicode, windows
• 9bf70a8 4.4.17
• 6aafff0 fix: skip extract if linkpath is stripped entirely
• 5c5059a fix: reserve paths case-insensitively
• fd6accb 4.4.16
• 53cea6e tests: run (and pass) on windows
• 166cfc0 fix: refactoring to pass tests on Windows
• ce5148e fix: refactoring to pass tests on Windows
• 3f2e2da fix: normalize paths on Windows systems
• e29a665 fix: properly prefix hard links
• fd2a38d chore: WriteEntry cleaner write() handling
• 7b2acc5 update deps
• 83bb22c WriteEntry backpressure
• 0dcc5b2 chore: track fs state on WriteEntry class, not in arguments
• adf3511 Avoid an unlikely but theoretically possible redos
• d688cad fix: properly handle top-level files when using strip
• ea6f254 unpack: keep path reservations longer
• b2a97e1 Address unpack race conditions using path reservations
• f0fe3aa basic path reservation system
• 843c897 4.4.15
• 46fe350 Remove paths from dirCache when no longer dirs

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic