[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-gyp

The new version differs by 46 commits.

• 41f2b23 4.0.0
• 35e765b doc: update changelog
• ceed5cb deps: updated tar package version to 4.4.8
• 374519e Upgrade to tar v3
• e6699d1 test: fix addon test for Node.js 12 and V8 7.4
• 0c6bf53 lib: use print() for python version detection
• 9a404d6 3.8.0
• 9b9d98f doc: update changelog
• c5929cb doc: update Xcode preferences tab name.
• 8b488da doc: update link to commit guidelines
• b4fe8c1 doc: fix visual studio links
• 536759c configure: use sys.version_info to get python version
• 94c39c6 gyp: fix ninja build failure (GYP patch)
• e8ea74e tools: patch gyp to avoid xcrun errors
• ea9aff4 tools: fix "the the" typos in comments
• 207e5aa gyp: implement LD/LDXX for ninja and FIPS
• b416c5f gyp: enable cctest to use objects (gyp part)
• 40692d0 gyp: add compile_commands.json gyp generator
• fc3c4e2 gyp: float gyp patch for long filenames
• 8aedbfd gyp: backport GYP fix to fix AIX shared suffix
• 6cd84b8 test: formatting and minor fixes for execFileSync replacement
• 60e4213 test: added test/processExecSync.js for when execFileSync is not available.
• 969447c deps: bump request to 2.8.7, fixes heok/hawk issues
• 340403c win: improve parsing of SDK version

See the full diff

Package name: tar

The new version differs by 250 commits.

• 0532554 3.2.3
• 85d3a94 Remove paths from dirCache when no longer dirs
• 9c393bb 3.2.2
• 2a724c6 add publishConfig tag
• 147e078 fix: strip absolute paths more comprehensively
• 1dea1df v3.2.1
• afb02ad pack: don't drop dots from dotfiles when prefixing
• 6a86ec4 v3.2.0
• cb297ca Add uid/gid options to extract and unpack
• 38c265b add chownr as a dep
• ef33670 v3.1.15
• ea21ad6 unpack: Fix process.umask handling
• 0594dcf v3.1.14
• d8ecec7 mkdir: always chmod when umask won't allow mode
• 97e7646 unpack: don't call process.getgid() unnecessarily
• 95049b6 Include size in PAX extended header
• 2176335 v3.1.13
• c8ac45b Do not attempt to call getgid/getuid if not a function
• 587a459 v3.1.12
• 257d430 More extra event emitting to avoid 'premature close'
• 474686b v3.1.11
• a7af20d unpack: go ahead and emit 'end'
• 9780dc1 v3.1.10
• 9f8a12f Strip null bytes from extended path/linkpath entries

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic