chore: bump node-pre-gyp for CVE-2020-7598

royaltm / node-murmurhash-native

MurmurHash native bindings for node

MIT License

48 stars 7 forks source link

chore: bump node-pre-gyp for CVE-2020-7598 #24

Closed austinbrown-okta closed 3 years ago

austinbrown-okta commented 3 years ago

The current version of node-pre-gyp is vulnerable to CVE-2020-7598 via inclusion of a vulnerable minimist version. This PR patches the vuln by upgrading node-pre-gyp from 0.14.0 to 0.17.0.

References:

CVE-2020-7598 advisory: https://github.com/advisories/GHSA-vh95-rmgr-6w4m
node-pre-gyp changelog: https://github.com/mapbox/node-pre-gyp/blob/master/CHANGELOG.md

royaltm commented 3 years ago

Thanks. Why I don't see how it does impact this library in any way, I guess we have to move forward.