Skip to content

[Snyk] Security upgrade node-pre-gyp from 0.15.0 to 0.17.0

matanel-snyk requested to merge snyk-fix-8d5cf42cd8bdf218b0f9530e9c520db7 into master

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908 		No Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818 		No No Known Exploit
critical severity 821/1000
Why? Proof of Concept exploit, Has a fix available, Critical severity		 Prototype Pollution
SNYK-JS-MINIMIST-2429795 		No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795 		No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-pre-gyp The new version differs by 14 commits.
  • de39503 bump to v0.17.0
  • 39eb005 update deps
  • dda7bdb skip less
  • 834bbe0 latest releases
  • 9611242 alt solution to #432 in order to fix windows/appveyor builds
  • 3d3b4ee remove broken or partially broken badges
  • 99b6f50 attempt to fix webkit tests per https://benlimmer.com/2019/01/14/travis-ci-xvfb/
  • 6ff06c8 travis-ci.com link
  • 27e150d latest node versions
  • a78e473 remove tests related to python that shift depending on the node-gyp version
  • ac2a149 Merge pull request #521 from murgatroid99/version_0.16_update
  • 8e7c199 Merge pull request #520 from murgatroid99/abi_crosswalk_update_15
  • 00c594c Bump to 0.16.0 and update changelog
  • e8e0908 Update ABI crosswalk with new Node versions including 15.x

See the full diff

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution

Merge request reports