[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	481/1000 Why? Recently disclosed, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-gyp

The new version differs by 97 commits.

• 33affe2 v7.0.0: bump version and update changelog
• ba4f34b doc: update catalina xcode clt download link
• f7bfce9 doc: update acid test and introduce curl|bash test script
• 4937722 deps: replace mkdirp with {recursive} mkdir
• a6b76a8 gyp: update gyp to 0.2.1
• e529f33 doc: update README to reflect upgrade to gyp-next
• ebc34ec gyp: update gyp to 0.2.0
• 9aed628 doc: give more attention to Catalina issues doc
• 963f2a7 doc: improve cataline discoverability for search engines
• d45438a deps: update deps, match to npm@7
• 5f47b7a v5.1.1: bump version and update changelog
• c255ffb lib: drop "-2" flag for "py.exe" launcher
• 741ab09 test: remove support for EOL versions of Node.js
• 6356117 doc, bin: stop suggesting opening node-gyp issues
• 7b75af3 doc: add macOS Catalina software update info
• 4f23c7b doc: update link to the code of conduct (Memory leak in setInterval + console.log + process.memoryUsage nodejs/node#2073)
• 473cfa2 doc: note in README that Python 3.8 is supported (tools: update eslint and re-enable comma-spacing rule nodejs/node#2072)
• e18a61a build: shrink bloated addon binaries on windows
• ca86ef2 test: bump actions/checkout from v1 to v2
• e7402b4 doc: update catalina xcode cli tools download link (Prototype bleeding in events.js nodejs/node#2044)
• 972780b gyp: sync code base with nodejs repo (build: headers tarball target nodejs/node#1975)
• dab0305 v5.1.0: bump version and update changelog
• 35de459 doc: update catalina xcode cli tools download link; formatting
• 4864219 doc: add download link for Command Line Tools for Xcode

See the full diff

Package name: pacote

The new version differs by 119 commits.

• aef0f62 10.3.1
• f119a20 update cacache and other deps to latest
• 71dd75f tar@6
• 7d95bdf Upgrade to mkdirp v1
• e88f844 10.3.0
• b21dd92 update semver
• d8ab8cf update npm-packlist
• 361f0b3 update tap
• c4bbf23 test: make the remote timeout test time out forever
• b4ea91f npm-registry-fetch 6.0.0
• 591edd8 @ npmcli/installed-package-contents@1.0.5
• 5ce1093 test: make remote timeout test more reliably time out
• 48fc9b8 use WhatWG URL instead of url.parse
• e515bce Update deps, float patch for npm-registry-fetch
• cf50f54 update @ npmcli/installed-package-contents, require node >=10
• 698e996 Extract: rimraf dir contents, not dir itself
• e568305 add @ npmcli/installed-package-contents module
• e8a80d7 upgrade all deps
• dfccb4f remove extraneous isNaN checking in git opts
• e33c9ce 10.2.1
• bad55cd fix: Do not drop perms in git when not root
• ccc9e20 bin: only add log listener once
• 8a8cd6a 10.2.0
• e8c274c registry: verify integrity when loading manifest

See the full diff

Package name: tar

The new version differs by 74 commits.

• bf69383 6.1.4
• 06cbde5 Avoid an unlikely but theoretically possible redos
• 0b78386 6.1.3
• 56c24b0 fix: properly handle top-level files when using strip
• 8d75229 ci: Create codeql workflow
• 3f7b200 6.1.2
• 9dbdeb6 Remove paths from dirCache when no longer dirs
• 1e33534 6.1.1
• 1f036ca fix: strip absolute paths more comprehensively
• 1b94260 tap@15
• 259e649 6.1.0
• 2d83d5b Add the noChmod option
• 73ec0f7 Skip known-bad test on old Node.js versions
• bfa1f24 ci: turn off windows tests for now
• ad43c86 always use LF line endings for test fixtures
• e753c9d actions: turn on core.longpaths for windows
• 0f1211f test: provide more garbagey gzip data for zlib fail test
• 3c1afee add eslintrc file
• 460735f remove travis build status badge
• 511c9f6 un-ignore .github folder
• 0303402 eslint should be dev deps, not prod
• a52d758 lint
• e688254 use GHA instead of Travis
• 7028aeb 6.0.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[rollingversions]

There is no change log for this pull request yet.

Create a changelog