[Snyk] Upgrade node-gyp from 10.0.0 to 10.2.0 #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade node-gyp from 10.0.0 to 10.2.0. See this package in npm: node-gyp See this project in Snyk: https://app.snyk.io/org/blackpeter13/project/4d461ce9-f34d-4a3c-8ca1-1aabdb4aa7ca?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade node-gyp from 10.0.0 to 10.2.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 3 versions ahead of your current version.
The recommended version was released on a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-TAR-6476909
Release notes
Package name: node-gyp
-
10.2.0 - 2024-07-10
- allow VCINSTALLDIR to specify a portable instance (#3036) (d38af2e)
- gyp: update gyp to v0.18.1 (#3039) (ea99fea)
- support
- add an arch check to VS 2019 (#3025) (323957b)
- deps: bump seanmiddleditch/gha-setup-ninja from 4 to 5 (#3041) (10f6730)
- proc-log@4.0.0 (#3022) (141aa6b)
- tar@6.2.1 (#3021) (b22d5ee)
- add the way to configuring Python dependency for Windows PowerShell (#2996) (9fd7936)
- Installation -- Python >= v3.12 requires
- fix ruff command (#3044) (b3916d5)
-
10.1.0 - 2024-03-25
- improve visual studio detection (#2957) (109e3d4)
- add support for locally installed headers (#2964) (3298731)
- deps: bump actions/setup-python from 4 to 5 (#2960) (3f0df7e)
- deps: bump google-github-actions/release-please-action (#2961) (b1f1808)
- print Python executable path using UTF-8 (#2995) (c472912)
- update supported vs versions (#2959) (391cc5b)
- npm is currently v10 (#2970) (7705a22)
- remove outdated Node versions from readme (#2955) (ae8478e)
- remove outdated update engines.node reference in 10.0.0 changelog (b42e796)
- only run release please on push (cff9ac2)
- upgrade release please action from v2 to v4 (#2982) (0035d8e)
-
10.0.1 - 2023-11-02
- use local
- add parallel test logging (7de1f5f)
- lint fixes (4e0ed99)
- use platform specific timeouts in tests (a68586a)
-
10.0.0 - 2023-10-28
- use .npmignore file to limit which files are published (#2921)
- the
- All internal functions have been coverted to return promises and no longer accept callbacks. This is not a breaking change for users but may be breaking to consumers of
- convert all internal functions to async/await (355622f)
- convert internal classes from util.inherits to classes (d52997e)
- drop node 14 support (#2929) (1b3bd34)
- drop rimraf dependency (4a50fe3)
- gyp: update gyp to v0.16.1 (#2923) (707927c)
- replace npmlog with proc-log (4a50fe3)
- update engines.node to ^14.17.0 || ^16.13.0 || >=18.0.0 (4a50fe3)
- use .npmignore file to limit which files are published (#2921) (864a979)
- create Python symlink only during builds, and clean it up after (#2721) (0f1f667)
- promisify build command (4a50fe3)
- use fs/promises in favor of fs.promises (4a50fe3)
- increase mocha timeout (#2887) (445c28f)
- update expired certs (#2908) (5746691)
- Add note about Python symlinks (PR 2362) to CHANGELOG.md for 9.1.0 (#2783) (b3d41ae)
- README.md Do not hardcode the supported versions of Python (#2880) (bb93b94)
- update applicable GitHub links from master to main (#2843) (d644ce4)
- Update windows installation instructions in README.md (#2882) (c9caa2e)
- find python checks order changed on windows (#2872) (b030555)
- glob@10.3.10 (#2926) (4bef1ec)
- glob@8.0.3 (4a50fe3)
- make-fetch-happen@13.0.0 (#2927) (059bb6f)
- nopt@^7.0.0 (4a50fe3)
- standard@17.0.0 and fix linting errors (4a50fe3)
- which@3.0.0 (4a50fe3)
- which@4.0.0 (#2928) (e388255)
- add check engines script to CI (#2922) (21a7249)
- empty commit to add changelog entries from #2770 (4a50fe3)
- GitHub Workflows security hardening (#2740) (26683e9)
- misc testing fixes (#2930) (4e493d4)
- run tests after release please PR (3032e10)
from node-gyp GitHub release notes10.2.0 (2024-07-09)
Features
rebuildandbuildfor cross-compiling Node-API module to wasm on Windows (#2974) (6318d2b)Core
Doc
node-pre-gypis no longer maintained (#3015) (93186f1)node-gyp>= v10 (#3010) (a6b48fc)Miscellaneous
10.1.0 (2024-03-13)
Features
Core
Doc
Miscellaneous
Bug Fixes
utilforfindAccessibleSync()(b39e681)Miscellaneous
⚠ BREAKING CHANGES
Gypclass exported is now created using ECMAScript classes and therefore might have small differences to classes that were previously created withutil.inherits.node-gypif you are requiring internal functions directly.node-gypnow supports node^16.14.0 || >=18.0.0Features
Bug Fixes
Tests
Doc
Core
Miscellaneous
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"node-gyp","from":"10.0.0","to":"10.2.0"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":432,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"}],"prId":"b49a150a-6390-44da-bdd6-68ff2357338f","prPublicId":"b49a150a-6390-44da-bdd6-68ff2357338f","packageManager":"npm","priorityScoreList":[432],"projectPublicId":"4d461ce9-f34d-4a3c-8ca1-1aabdb4aa7ca","projectUrl":"https://app.snyk.io/org/blackpeter13/project/4d461ce9-f34d-4a3c-8ca1-1aabdb4aa7ca?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-TAR-6476909"],"upgradeInfo":{"versionsDiff":3,"publishedDate":"2024-07-10T12:42:29.988Z"},"vulns":["SNYK-JS-TAR-6476909"]}'