ramirezd42 / vst-js

native node addon that allows for instantiation of natively installed VST3 audio plugins
228 stars 20 forks source link

[Snyk] Security upgrade cmake-js from 3.4.1 to 4.0.0 #27

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 481/1000
Why? Recently disclosed, Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: cmake-js The new version differs by 28 commits.
  • b226935 deprecated nw.js test removed because of won't fix on nw.js side
  • 8a0bccd prototyping 4.0.0
  • 049add5 Remove disabling of warnings on OSX (#133)
  • a716787 fix: Clearer error message if CMake is missing (#137)
  • 45f419b Respect NVM and Electron's mirror settings (#131)
  • b6ed989 Use a fully resolved path for `workDir`. (#125)
  • 8136a2f v3.7.3
  • 067fe17 remove incorrect initialization of npmConfigData to empty object (#123)
  • 172cbda 3.7.1
  • 9faf274 3.7.0
  • 57bf5fd Adds toolset command line flag (#115)
  • 9bf8866 Update README.md
  • d0bebae fix build for scoped packages (#117)
  • cc79584 update to modern fs-extras (#118)
  • ecd625f replace npmconf with rc (#119)
  • 09d81ba replace unzip with unzipper (#120)
  • 3456bb8 v3.6.2
  • c487f82 3.6.1
  • f669ce9 Test new registry key for windows_toolscore (2017) (#101)
  • ec66c9c v3.6.0 released
  • b0d2c37 v3.6.0 prototype
  • 43fc6b4 Add -T option to specify target to build (#98)
  • ec71089 v3.5.0
  • ed0e5d7 Attempt to resolve https://github.com/cmake-js/cmake-js/issues/78
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic