[Snyk] Security upgrade node-pre-gyp from 0.9.0 to 0.17.0 #1

mmollo · 2024-02-08T14:24:43Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	No	Proof of Concept
434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	No	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-pre-gyp

The new version differs by 94 commits.

de39503 bump to v0.17.0
39eb005 update deps
dda7bdb skip less
834bbe0 latest releases
9611242 alt solution to #432 in order to fix windows/appveyor builds
3d3b4ee remove broken or partially broken badges
99b6f50 attempt to fix webkit tests per https://benlimmer.com/2019/01/14/travis-ci-xvfb/
6ff06c8 travis-ci.com link
27e150d latest node versions
a78e473 remove tests related to python that shift depending on the node-gyp version
ac2a149 Merge pull request #521 from murgatroid99/version_0.16_update
8e7c199 Merge pull request #520 from murgatroid99/abi_crosswalk_update_15
00c594c Bump to 0.16.0 and update changelog
e8e0908 Update ABI crosswalk with new Node versions including 15.x
6ca1a1c Bumping to 0.15.0
d5dfc55 Merge pull request #492 from mjziolko/mkdirp-vuln-fix
c3ed2ff Merge branch 'master' into mkdirp-vuln-fix
73d6c8a Merge pull request #502 from clehene/patch-1
e0579c5 Update to the latest version of Needle (2.5.0)
3a3a0ed Merge pull request #501 from murgatroid99/abi_crosswalk_update_14
b8fe01f Update abi_crosswalk with new runtime versions
2c6a519 update crosswalk
e8891b5 tUpdate mkdirp to 0.5.3 which removes the vulnerable dep on minimist: https://npmjs.com/advisories/1179
ef634f9 Merge pull request #483 from murgatroid99/abi_crosswalk_update_13