Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade nodegit from 0.22.2 to 0.24.3 #27

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade nodegit from 0.22.2 to 0.24.3 #27

wants to merge 1 commit into from

Conversation

atlslscsrv-app
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • node_modules_native/package.json
    • node_modules_native/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: nodegit The new version differs by 151 commits.
  • 37fcf5d Bump to v0.24.3
  • 8586e35 Merge pull request #1672 from davidsarkany/master
  • 72ac39d Bump to v0.24.2
  • 20c24dd Merge pull request #1663 from ianhattendorf/fix/openssl-url
  • 17cb232 Allow backport branch to build on appveyor CI
  • d6b0e2d Bump to v0.24.1
  • 6337e88 Backport
  • f2519b8 Bump to v0.24.0
  • 560eb06 Merge pull request #1605 from implausible/fix/segfault-on-revert-opts-no-merge-opts
  • d99c327 Add test to prevent regression of Revert.revert options segfault
  • 7ebb3e4 Merge pull request #1609 from implausible/fix/checkout-bug
  • d74dfb0 Merge pull request #1574 from stevex86/chore/cleaup-libssh2-configure
  • 76deb93 Fix checkout bug in our fork of libgit2
  • 6085c6c Simplify is_electron condition
  • ec5f1c9 Don't try to normalize mergeOpts unless mergeOpts is defined.
  • 1bc53bf Merge pull request #1600 from implausible/bug/ssl-not-required-for-node-builds
  • 7e64250 Merge pull request #1603 from rcjsuen/reset-check
  • 4b5d313 Remove ssl and crypto dependency on non-electron builds
  • 612f76f Check parameters before performing reset
  • d292ed8 Merge pull request #1601 from rcjsuen/getReferenceCommit-test
  • 3f2c41f Add a test for Repository's getReferenceCommit
  • 4a66926 Merge pull request #1583 from elastic/yl/dirhistory
  • 2b30a26 Merge pull request #1582 from GitNiko/master
  • f8bbe07 Update file_history_walk.cc

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: node_modules_native/package.json & node_modules_native/package-l…
6bcf07e 
…ock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@atlslscsrv-app @snyk-bot