[Snyk] Upgrade node-gyp from 9.0.0 to 9.4.0 #78

Open: wants to merge 1 commit into base: master


blinkhash
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade node-gyp from 9.0.0 to 9.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 4 months ago, on 2023-06-13.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
|  | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | 482/1000 (Why? Proof of Concept exploit, CVSS 7.5) | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS), SNYK-JS-HTTPCACHESEMANTICS-3248783 | 482/1000 (Why? Proof of Concept exploit, CVSS 7.5) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: node-gyp
  • 9.4.0 - 2023-06-13

    Features

    • add support for native windows arm64 build tools (bb76021)
    • Upgrade Python linting from flake8 to ruff (#2815) (fc0ddc6)

    Bug Fixes

    • extract tarball to temp directory on Windows (#2846) (aaa117c)
    • log statement is for devDir not nodedir (#2840) (55048f8)

    Miscellaneous

    • get update-gyp.py to work with Python >= v3.5 (#2826) (337e8e6)

    Doc

    Tests

  • 9.3.1 - 2022-12-19

    Bug Fixes

    Miscellaneous

  • 9.3.0 - 2022-10-11

    Features

  • 9.2.0 - 2022-10-04

    Features

    • Add proper support for IBM i (a26494f)
    • gyp: update gyp to v0.13.0 (3e2a532)

    Bug Fixes

    • node.js debugger adds stderr (but exit code is 0) -> shouldn't throw (#2719) (c379a74)

    Core

    Miscellaneous

  • 9.1.0 - 2022-07-14

    Features

    • Update function getSDK() to support Windows 11 SDK (#2565) (ea8520e)

    Bug Fixes

    • extend tap timeout length to allow for slow CI (6f74c76)
    • new ca & server certs, bundle in .js file and unpack for testing (147e3d3)
    • re-label (#2689) (f0b7863)
    • typo on readme (bf81cd4)

    Doc

    • update docs/README.md with latest version number (62d2815)

    Core

    • update due to rename of primary branch (ca1f068)

    Tests

  • 9.0.0 - 2022-03-01

    ⚠ BREAKING CHANGES

    • increase "engines" to "node" : "^12.22 || ^14.13 || >=16" (#2601)

    Bug Fixes

    • _ in npm_config_ env variables (eef4eef)
    • update make-fetch-happen to a minimum of 10.0.3 (839e414)

    Miscellaneous

    Doc

    • Add notes/disclaimers for upgrading the copy of node-gyp that npm uses (#2585) (faf6d48)
    • Rename and update Common-issues.md --> docs/README.md (#2567) (2ef5fb8)
    • rephrase explanation of which node-gyp is used by npm (#2587) (a2f2988)
    • title match content (#2574) (6e8f93b)
    • Update Python versions (#2571) (e069f13)

    Core

    • add lib.target as path for searching libnode on z/OS (1d499dd)
    • increase "engines" to "node" : "^12.22 || ^14.13 || >=16" (#2601) (6562f92)
    • make-fetch-happen@10.0.1 (78f6660)
from node-gyp GitHub release notes
Commit messages
Package name: node-gyp
  • 33391db chore: release 9.4.0
  • a0b3d1c test: remove deprecated Node.js and Python (#2868)
  • 7a3fe1c win,install: only download target_arch node.lib (#2857)
  • 55048f8 fix: log statement is for devDir not nodedir (#2840)
  • 5df2b72 Migration from tap to mocha (#2851)
  • aaa117c fix: extract tarball to temp directory on Windows (#2846)
  • bb76021 feat: add support for native windows arm64 build tools
  • 6f3c2d3 docs: docs/README.md add advise about deprecated node-sass (#2828)
  • 02480f6 update make-fetch-happen to 11.0.3 (#2796)
  • c7927e2 doc: Update README.md (#2822)
  • 337e8e6 chore: get update-gyp.py to work with Python >= v3.5 (#2826)
  • 41882a9 Improved advise on repacing node-sass with sass (#2758)
  • fc0ddc6 feat: Upgrade Python linting from flake8 to ruff (#2815)
  • 39ac2c1 chore: release 9.3.1
  • 888efb9 fix: increase node 12 support to ^12.13 (#2771)
  • 38f01fa ci: update python test matrix (#2774)
  • ee46f9d Add Python 3.11 to the testing
  • 2cc72be chore: release 9.3.0
  • 713b8dc feat(gyp): update gyp to v0.14.0 (#2749)
  • 131d1a4 feat: remove support for VS2015 in Node.js >=19 (#2746)
  • 7d0c83d feat: support IBM Open XL C/C++ on z/OS (#2743)
  • 4bc4747 chore: release 9.2.0 (#2735)
  • 33deab4 Adding tarfile member sanitization to extractall() (#2741)
  • a26494f feat: Add proper support for IBM i


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
