[Snyk] Security upgrade node-gyp from 3.0.3 to 3.4.0 #32

Open
wants to merge 1 commit into
base: master

@fishbar (Owner) commented Oct 19, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-MINIMATCH-3050818 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-gyp
The new version differs by 48 commits.
  • d460084 3.4.0
  • cc312ca changelog for v3.4.0
  • ce5fd04 deps: update minimatch version
  • 77383dd Replace fs.accessSync call to fs.statSync
  • 0dba4bd test: add simple addon test
  • c4344b3 doc: add --target option to README
  • cc778e9 Override BUILDING_UV_SHARED, BUILDING_V8_SHARED.
  • af35b2a Move VC++ Build Tools to Build Tools landing page.
  • f31482e win: work around __pfnDliNotifyHook2 type change
  • 3df8222 Allow for npmlog@3.x
  • a4fa07b More verbose error on locating msbuild.exe failure.
  • 4ee3132 doc: add command options to README.md
  • c8c7ca8 Add --silent option for zero output.
  • ac29d23 Upgrade to glob@7.0.3.
  • 15fd56b Enable V8 deprecation warnings for native modules
  • 7f1c1b9 gyp: improvements for android generator
  • 0880827 Update Windows install instructions
  • 625c151 gyp: inherit CC/CXX for CC/CXX.host
  • 3bcb172 Add support for the Python launcher on Windows
  • 1dcf356 3.3.1
  • a981ef8 gyp: fix android generator
  • 7b10467 3.3.0
  • a1dde56 Update changelog
  • 818d854 Introduce NODEJS_ORG_MIRROR and IOJS_ORG_MIRROR

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
