[Snyk] Security upgrade node-pre-gyp from 0.15.0 to 0.17.0 (!64) · Merge requests · Eric Husband / juice-shop

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-pre-gyp

The new version differs by 14 commits.

de39503 bump to v0.17.0
39eb005 update deps
dda7bdb skip less
834bbe0 latest releases
9611242 alt solution to #432 in order to fix windows/appveyor builds
3d3b4ee remove broken or partially broken badges
99b6f50 attempt to fix webkit tests per https://benlimmer.com/2019/01/14/travis-ci-xvfb/
6ff06c8 travis-ci.com link
27e150d latest node versions
a78e473 remove tests related to python that shift depending on the node-gyp version
ac2a149 Merge pull request #521 from murgatroid99/version_0.16_update
8e7c199 Merge pull request #520 from murgatroid99/abi_crosswalk_update_15
00c594c Bump to 0.16.0 and update changelog
e8e0908 Update ABI crosswalk with new Node versions including 15.x

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

[Snyk] Security upgrade node-pre-gyp from 0.15.0 to 0.17.0