[Snyk] Security upgrade cmake-js from 3.4.1 to 4.0.0 - Githubissues

ramirezd42 / vst-js

native node addon that allows for instantiation of natively installed VST3 audio plugins

226 stars 20 forks source link

[Snyk] Security upgrade cmake-js from 3.4.1 to 4.0.0 #23

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	776/1000 Why? Recently disclosed, Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cmake-js

The new version differs by 28 commits.

b226935 deprecated nw.js test removed because of won't fix on nw.js side
8a0bccd prototyping 4.0.0
049add5 Remove disabling of warnings on OSX (#133)
a716787 fix: Clearer error message if CMake is missing (#137)
45f419b Respect NVM and Electron's mirror settings (#131)
b6ed989 Use a fully resolved path for `workDir`. (#125)
8136a2f v3.7.3
067fe17 remove incorrect initialization of npmConfigData to empty object (#123)
172cbda 3.7.1
9faf274 3.7.0
57bf5fd Adds toolset command line flag (#115)
9bf8866 Update README.md
d0bebae fix build for scoped packages (#117)
cc79584 update to modern fs-extras (#118)
ecd625f replace npmconf with rc (#119)
09d81ba replace unzip with unzipper (#120)
3456bb8 v3.6.2
c487f82 3.6.1
f669ce9 Test new registry key for windows_toolscore (2017) (#101)
ec66c9c v3.6.0 released
b0d2c37 v3.6.0 prototype
43fc6b4 Add -T option to specify target to build (#98)
ec71089 v3.5.0
ed0e5d7 Attempt to resolve https://github.com/cmake-js/cmake-js/issues/78

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic