dfellis / h3-node

H3 binding to Node using N-API
MIT License

[Snyk] Security upgrade node-gyp from 6.1.0 to 7.0.0 #39

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: low
  • Priority Score (*): 481/1000 (why: recently disclosed, has a fix available, CVSS 3.7)
  • Issue: Regular Expression Denial of Service (ReDoS), SNYK-JS-TAR-1536758
  • Breaking Change: Yes
  • Exploit Maturity: No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-gyp
The new version differs by 28 commits.
  • 33affe2 v7.0.0: bump version and update changelog
  • ba4f34b doc: update catalina xcode clt download link
  • f7bfce9 doc: update acid test and introduce curl|bash test script
  • 4937722 deps: replace mkdirp with {recursive} mkdir
  • a6b76a8 gyp: update gyp to 0.2.1
  • e529f33 doc: update README to reflect upgrade to gyp-next
  • ebc34ec gyp: update gyp to 0.2.0
  • 9aed628 doc: give more attention to Catalina issues doc
  • 963f2a7 doc: improve cataline discoverability for search engines
  • d45438a deps: update deps, match to npm@7
  • 5f47b7a v5.1.1: bump version and update changelog
  • c255ffb lib: drop "-2" flag for "py.exe" launcher
  • 741ab09 test: remove support for EOL versions of Node.js
  • 6356117 doc, bin: stop suggesting opening node-gyp issues
  • 7b75af3 doc: add macOS Catalina software update info
  • 4f23c7b doc: update link to the code of conduct (#2073)
  • 473cfa2 doc: note in README that Python 3.8 is supported (#2072)
  • e18a61a build: shrink bloated addon binaries on windows
  • ca86ef2 test: bump actions/checkout from v1 to v2
  • e7402b4 doc: update catalina xcode cli tools download link (#2044)
  • 972780b gyp: sync code base with nodejs repo (#1975)
  • dab0305 v5.1.0: bump version and update changelog
  • 35de459 doc: update catalina xcode cli tools download link; formatting
  • 4864219 doc: add download link for Command Line Tools for Xcode

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • View latest project report
  • Adjust project settings
  • Read more about Snyk's upgrade and patch logic

dfellis commented 3 years ago

It was able to successfully build the module and test it, so this shouldn't break anything.