[Snyk] Security upgrade node-pre-gyp from 0.15.0 to 0.17.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 |
No | No Known Exploit | |
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 |
Prototype Pollution SNYK-JS-MINIMIST-2429795 |
No | Proof of Concept | |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: node-pre-gyp
The new version differs by 14 commits.- de39503 bump to v0.17.0
- 39eb005 update deps
- dda7bdb skip less
- 834bbe0 latest releases
- 9611242 alt solution to #432 in order to fix windows/appveyor builds
- 3d3b4ee remove broken or partially broken badges
- 99b6f50 attempt to fix webkit tests per https://benlimmer.com/2019/01/14/travis-ci-xvfb/
- 6ff06c8 travis-ci.com link
- 27e150d latest node versions
- a78e473 remove tests related to python that shift depending on the node-gyp version
- ac2a149 Merge pull request #521 from murgatroid99/version_0.16_update
- 8e7c199 Merge pull request #520 from murgatroid99/abi_crosswalk_update_15
- 00c594c Bump to 0.16.0 and update changelog
- e8e0908 Update ABI crosswalk with new Node versions including 15.x
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
Learn how to fix vulnerabilities with free interactive lessons: