[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-gyp

The new version differs by 46 commits.

• 41f2b23 4.0.0
• 35e765b doc: update changelog
• ceed5cb deps: updated tar package version to 4.4.8
• 374519e Upgrade to tar v3
• e6699d1 test: fix addon test for Node.js 12 and V8 7.4
• 0c6bf53 lib: use print() for python version detection
• 9a404d6 3.8.0
• 9b9d98f doc: update changelog
• c5929cb doc: update Xcode preferences tab name.
• 8b488da doc: update link to commit guidelines
• b4fe8c1 doc: fix visual studio links
• 536759c configure: use sys.version_info to get python version
• 94c39c6 gyp: fix ninja build failure (GYP patch)
• e8ea74e tools: patch gyp to avoid xcrun errors
• ea9aff4 tools: fix "the the" typos in comments
• 207e5aa gyp: implement LD/LDXX for ninja and FIPS
• b416c5f gyp: enable cctest to use objects (gyp part)
• 40692d0 gyp: add compile_commands.json gyp generator
• fc3c4e2 gyp: float gyp patch for long filenames
• 8aedbfd gyp: backport GYP fix to fix AIX shared suffix
• 6cd84b8 test: formatting and minor fixes for execFileSync replacement
• 60e4213 test: added test/processExecSync.js for when execFileSync is not available.
• 969447c deps: bump request to 2.8.7, fixes heok/hawk issues
• 340403c win: improve parsing of SDK version

See the full diff

Package name: tar

The new version differs by 88 commits.

• 843c897 4.4.15
• 46fe350 Remove paths from dirCache when no longer dirs
• df3aa4d 4.4.14
• 6d28013 add publishConfig tag
• efc6bb0 fix: strip absolute paths more comprehensively
• 65edb39 4.4.13
• d04c3ff Always provide a callback to fs.close()
• dbd6f52 4.4.12
• 0240086 update tap and minipass
• 9232b3d 4.4.11
• 42fe53b update minipass, pre-pause ReadEntry objects
• 4a9069a wrapped new header with try catch
• 84ab44d 4.4.10
• 77522f0 Use `stat` instead of `lstat` when checking CWD
• 49058cb use --follow-tags on git publish push
• 8f85cab 4.4.9
• ae0598f update tap
• 91b9ee9 add header generation from gnutar 10gb file
• 9a44de7 Remove duplicate word.
• c80341a Fix encoding/decoding of base-256 numbers
• b863448 update travis
• 694f08a update packages in benchmarks
• 3f39282 Use a coverage map for more targetted testing
• 445bf45 update tap for npm audit happiness

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic