[Snyk] Fix for 3 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-gyp

The new version differs by 46 commits.

• 41f2b23 4.0.0
• 35e765b doc: update changelog
• ceed5cb deps: updated tar package version to 4.4.8
• 374519e Upgrade to tar v3
• e6699d1 test: fix addon test for Node.js 12 and V8 7.4
• 0c6bf53 lib: use print() for python version detection
• 9a404d6 3.8.0
• 9b9d98f doc: update changelog
• c5929cb doc: update Xcode preferences tab name.
• 8b488da doc: update link to commit guidelines
• b4fe8c1 doc: fix visual studio links
• 536759c configure: use sys.version_info to get python version
• 94c39c6 gyp: fix ninja build failure (GYP patch)
• e8ea74e tools: patch gyp to avoid xcrun errors
• ea9aff4 tools: fix "the the" typos in comments
• 207e5aa gyp: implement LD/LDXX for ninja and FIPS
• b416c5f gyp: enable cctest to use objects (gyp part)
• 40692d0 gyp: add compile_commands.json gyp generator
• fc3c4e2 gyp: float gyp patch for long filenames
• 8aedbfd gyp: backport GYP fix to fix AIX shared suffix
• 6cd84b8 test: formatting and minor fixes for execFileSync replacement
• 60e4213 test: added test/processExecSync.js for when execFileSync is not available.
• 969447c deps: bump request to 2.8.7, fixes heok/hawk issues
• 340403c win: improve parsing of SDK version

See the full diff

Package name: tar

The new version differs by 110 commits.

• 3e35515 4.4.18
• 52b09e3 fix: prevent path escape using drive-relative paths
• bb93ba2 fix: reserve paths properly for unicode, windows
• 2f1bca0 fix: prune dirCache properly for unicode, windows
• 9bf70a8 4.4.17
• 6aafff0 fix: skip extract if linkpath is stripped entirely
• 5c5059a fix: reserve paths case-insensitively
• fd6accb 4.4.16
• 53cea6e tests: run (and pass) on windows
• 166cfc0 fix: refactoring to pass tests on Windows
• ce5148e fix: refactoring to pass tests on Windows
• 3f2e2da fix: normalize paths on Windows systems
• e29a665 fix: properly prefix hard links
• fd2a38d chore: WriteEntry cleaner write() handling
• 7b2acc5 update deps
• 83bb22c WriteEntry backpressure
• 0dcc5b2 chore: track fs state on WriteEntry class, not in arguments
• adf3511 Avoid an unlikely but theoretically possible redos
• d688cad fix: properly handle top-level files when using strip
• ea6f254 unpack: keep path reservations longer
• b2a97e1 Address unpack race conditions using path reservations
• f0fe3aa basic path reservation system
• 843c897 4.4.15
• 46fe350 Remove paths from dirCache when no longer dirs

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic