[Snyk] Security upgrade node-pre-gyp from 0.6.39 to 0.9.0 by snyk-bot · Pull Request #8 · contentascode/nodegit

snyk-bot · Jul 17, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit

Commit messages

Package name: node-pre-gyp

The new version differs by 42 commits.

13c5ad0 bump to v0.9.0
07e7ee5 Merge pull request WIP: Refactor publishing nodegit/nodegit#350 from cktang88/master
9a9089b Replace request with needle
2844fa4 bump to v0.8.0 with N-API support
b22612c remove node-pre-gyp dep from app7 package.json
9bb97af Merge pull request Update dependency node-pre-gyp to ~0.6 nodegit/nodegit#345 from inspiredware/napi-support
c31cce4 Merge branch 'master' into napi-support
cf3ebb6 bump to v0.7.1 with tar v4.x
9bc1ff3 avoid double declare of tape in devDeps
b1ce220 fix package.json syntax
e9fb2e5 Merge pull request Module fails to load nodegit/nodegit#299 from isaacs/master
81f2e60 Merge branch 'master' into master
e7bb6cd bump to v0.7.0 / drop node v0.10.x support
837c48b update versions
af507d1 Merge pull request Added checkout head method and tests nodegit/nodegit#347 from krotscheck/hawk
eda90e0 Remove dependency on hawk, upgrade request
9684ef6 Another CI build tweak
9870491 Addresses CI build errors
b2ed35a update with latest versions
e352a05 kick travis
37eb637 bump to v0.6.40
8f7c497 CI tweaks
488ac7b Fix for code cleanup
82a641e Code cleanup.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-584908

fix: package.json & package-lock.json to reduce vulnerabilities

a2e5443

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-584908

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade node-pre-gyp from 0.6.39 to 0.9.0#8

[Snyk] Security upgrade node-pre-gyp from 0.6.39 to 0.9.0#8
snyk-bot wants to merge 1 commit intomastercontentascode/nodegit:masterfrom
snyk-fix-4a77a6198192f62ca7891ccb9d712d24contentascode/nodegit:snyk-fix-4a77a6198192f62ca7891ccb9d712d24Copy head branch name to clipboard

snyk-bot commented Jul 17, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Search code, repositories, users, issues, pull requests...

Conversation

snyk-bot commented Jul 17, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant