[Snyk] Upgrade nodegit from 0.23.1 to 0.27.0 #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade nodegit from 0.23.1 to 0.27.0. See this package in npm: https://www.npmjs.com/package/nodegit See this project in Snyk: https://app.snyk.io/org/wedataintelligence/project/e2b1c737-2c28-4f70-a0ba-ba9d330b3949?utm_source=github&utm_medium=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade nodegit from 0.23.1 to 0.27.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-TAR-1579155
Why? Recently disclosed, Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579152
Why? Recently disclosed, Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579147
Why? Recently disclosed, Has a fix available, CVSS 8.5
SNYK-JS-TAR-1536531
Why? Recently disclosed, Has a fix available, CVSS 8.5
SNYK-JS-TAR-1536528
Why? Recently disclosed, Has a fix available, CVSS 8.5
SNYK-JS-NODEGIT-542723
Why? Recently disclosed, Has a fix available, CVSS 8.5
SNYK-JS-NODEGIT-542722
Why? Recently disclosed, Has a fix available, CVSS 8.5
SNYK-JS-NODEGIT-542721
Why? Recently disclosed, Has a fix available, CVSS 8.5
SNYK-JS-NODEGIT-542720
Why? Recently disclosed, Has a fix available, CVSS 8.5
SNYK-JS-TAR-1536758
Why? Recently disclosed, Has a fix available, CVSS 8.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: nodegit
-
0.27.0 - 2020-07-28
- Expose git_remote_rename
- Bump OpenSSL from 1.1.0i -> 1.1.1c in Windows/Mac OS Electron builds
- Replace unmaintained request library with got
- Remove promisify-node and use vanilla promises for all NodeGit promises
- Prebuilds for Node 14, deprecate Node 8
- Persist RemoteCallbacks and ProxyOptions on the remote if using Remote.prototype.connect. This fixes a segfault when using any routines on a connected remote.
- Upgrade build environments #1785
- Remote needs to persist the callback/proxyOpts/headers #1784
- Remove promisify-node and remove old callback api remnants
- Replace deprecated package request with got
- Bump OpenSSL prebuilt to 1.1.1c
- Expose git_remote_rename
- Dedupe Remote.prototype.fetch
-
0.27.0-alpha.1 - 2020-03-26
- Expose git_remote_rename
- Bump OpenSSL from 1.1.0i -> 1.1.1c in Windows/Mac OS Electron builds
- Replace unmaintained request library with got
- Remove promisify-node and use vanilla promises for all NodeGit promises
- Remove promisify-node and remove old callback api remnants
- Replace deprecated package request with got
- Bump OpenSSL prebuilt to 1.1.1c
- Expose git_remote_rename
- Dedupe Remote.prototype.fetch
-
0.26.5 - 2020-02-27
- Bring in improvement to client certificate handling on Windows from winhttp: support optional client cert #5384
- Bring in Libgit2 #5384 to NodeGit
- Fix behavior of Commit#parent
- Remove DiffList
- Remove unnecessary assignment of Commit#repo
- winhttp: support optional client cert #5384
- Support
- Parallelize checkout_create_the_new for perf #4205
-
0.26.4 - 2020-01-14
- Bumped LibGit2
- Now can be configured to support longpaths on Windows. Does not respect the config value, but is configured through
- Support for complex SSH auth creds handshakes
- Pulled in patch for Libssh2 that covers an integer overflow, see Libssh2#402
- Fix some issues from the libgit2 bump
- Add option to support longpaths on Windows
- Bring in libssh2#402
- Wait for copy and remove promises to finish
- Support
- Parallelize checkout_create_the_new for perf #4205
- win32: fix relative symlinks pointing into dirs
- ntlm: prevent (spurious) compiler warnings
- Adds support for multiple SSH auth mechanisms being used sequentially
- netops: handle intact query parameters in service_suffix removal
- Refactor packfile code to use zstream abstraction
- Fix git_submodule_sync with relative url
- http: avoid generating double slashes in url
- Correct typo in name of referenced parameter
- patch_parse: fix undefined behaviour due to arithmetic on NULL pointers
- smart_pkt: fix overflow resulting in OOB read/write of one byte
- branch: clarify documentation around branches
- examples: checkout: implement guess heuristic for remote branches
- Minor doc improvements
- attr: Update definition of binary macro
- Security fixes for master
- release.md: note that we do two security releases
- MSVC: Fix warning C4133 on x64: "function": Incompatible types - from "unsigned long *" to "size_t *"
- ci: only push docs from the libgit2/libgit2 repo
- global: convert to fiber-local storage to fix exit races
- Fix copy&paste in git_cherrypick_commit docstring
- patch_parse: fix out-of-bounds reads caused by integer underflow
- tests: fix compiler warning if tracing is disabled
- tests: config: only test parsing huge file with GITTEST_INVASIVE_SPEED
- diff: complete support for git patchid
- Memory optimizations for config entries
- ssh: include sha256 host key hash when supported
- Various examples shape-ups
- Improve trace support in tests
- Move
- Add compat typdef for git_attr_t
- CI Build Updates
- patch_parse: use paths from "---"/"+++" lines for binary patches
- Follow 308 redirect in WinHTTP transport
- fileops: correct error return on p_lstat failures when mkdir
- config_mem: implement support for snapshots
- patch_parse: fix segfault when header path contains whitespace only
- config_file: fix race when creating an iterator
- Fix crash if snapshotting a config_snapshot
- fix a bug introduced in 8a23597b
- reflogs: fix behaviour around reflogs with newlines
- commit: verify objects exist in git_commit_with_signature
- patch_parse: fixes for fuzzing errors
- apply: add GIT_APPLY_CHECK
- refs: unlock unmodified refs on transaction commit
- fuzzers: add a new fuzzer for patch parsing
- patch_parse: handle patches without extended headers
- Provide a wrapper for simple submodule clone steps
- macOS GSS Support
- cmake: correct the link stanza for CoreFoundation
- Fix file locking on POSIX OS
- cmake: update minimum CMake version to v3.5.1
- patch_parse: handle patches with new empty files
- DRY commit parsing
- azure: avoid building and testing in Docker as root
- regexp: implement a new regular expression API
- git_refdb API fixes
- Don't use enum for flags
- valgrind: suppress memory leaks in libssh2_session_handshake
- buffer: fix writes into out-of-memory buffers
- cred: add missing private header in GSSAPI block
- CMake pkg-config modulification
- Update chat resources in README.md
- Circular header splitting
-
0.26.3 - 2019-12-10
- Include LibGit2 security patch: https://github.com/libgit2/libgit2/releases/tag/v0.28.4
- Bring in security patches from libgit2 #1743
-
0.26.2 - 2019-09-27
- Added options to fetch additional data (gpg signature) from LibGit2 in revWalk.prototype.commitWalk and return plain objects
- revWalk.prototype.commitWalk(numCommits: number, { returnPlainObjects: boolean })
- Optionally retrieve more data on commit walk #1728
-
0.26.1 - 2019-09-17
-
0.26.0 - 2019-09-11
- Bumped libssh2 to 1.9 for security patch
- Remote.prototype.upload and Remote.prototype.updateTips should be async now
- GitRemote upload and updateTips are async #1720
- Update libssh2 to 1.9 #1719
-
0.25.1 - 2019-08-13
-
0.25.0 - 2019-08-09
-
0.25.0-alpha.16 - 2019-07-24
-
0.25.0-alpha.15 - 2019-07-17
-
0.25.0-alpha.14 - 2019-07-01
-
0.25.0-alpha.13 - 2019-06-27
-
0.25.0-alpha.12 - 2019-06-04
-
0.25.0-alpha.11 - 2019-05-20
-
0.25.0-alpha.10 - 2019-05-03
-
0.25.0-alpha.9 - 2019-03-05
-
0.25.0-alpha.8 - 2019-02-28
-
0.25.0-alpha.7 - 2019-02-20
-
0.25.0-alpha.6 - 2019-02-14
-
0.25.0-alpha.5 - 2019-02-12
-
0.25.0-alpha.4 - 2019-02-08
-
0.25.0-alpha.3 - 2019-02-05
-
0.25.0-alpha.2 - 2019-02-01
-
0.25.0-alpha.1 - 2019-01-31
-
0.24.3 - 2019-05-03
-
0.24.2 - 2019-04-19
-
0.24.1 - 2019-02-12
-
0.24.0 - 2019-01-16
-
0.24.0-alpha.1 - 2018-10-25
-
0.23.1 - 2019-02-12
from nodegit GitHub release notesSummary of changes
Merged PRs into NodeGit
Summary of changes
#Merged PRs into NodeGit
Summary of changes
Commit.prototype.parent()now correctly assigns the repo property on the retrieved commit. This should solve certain bugs when working with a commit retrieved fromparent.Merged PRs into NodeGit
Merged PRs into LibGit2
core.longpathson Windows #5347Summary of changes
NodeGit.Libgit2.opts. See #1748 for details.Merged PRs into NodeGit
Merged PRs into LibGit2
core.longpathson Windows #5347git_off_ttogit_object_size_tSummary of changes
Merged PRs into NodeGit
Summary of changes
Merged PRs into NodeGit
Read more
Summary of changes
Merged PRs into NodeGit
Read more
Read more
Commit messages
Package name: nodegit
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs