Upgrade node-gyp dependency to avoid glob security vulnerability #1234

@AGrunewald

"node-gyp": "^11.2.0",

The dependency on an old node-gyp version means we are importing an old library dependency tree with a security vulnerability.

npm warn deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me

glob@10.5.0 dev
node_modules/cacache/node_modules/glob
  glob@"^10.2.2" from cacache@19.0.1
  node_modules/cacache
    cacache@"^19.0.1" from make-fetch-happen@14.0.3
    node_modules/make-fetch-happen
      make-fetch-happen@"^14.0.3" from node-gyp@11.5.0
      node_modules/node-gyp
        node-gyp@"^11.2.0" from @electron/rebuild@4.0.3
        node_modules/@electron/rebuild
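
The chain reported above can be reproduced directly from a `package-lock.json` (lockfileVersion 2 or 3), which is useful in CI where `npm explain` output is awkward to parse. This is an added example, not part of the original issue or of the project's code; the lockfile fragment is constructed from the tree above, and the root project name `my-app` and its devDependency entry are assumptions.

```javascript
// Added example: trace why a nested package copy is installed, using the
// "packages" map of package-lock.json. SAMPLE_LOCK is constructed from the
// tree in the issue; the root entry ("my-app") is an assumption.
const SAMPLE_LOCK = { packages: {
  "": { name: "my-app", devDependencies: { "@electron/rebuild": "^4.0.3" } },
  "node_modules/@electron/rebuild": { version: "4.0.3", dependencies: { "node-gyp": "^11.2.0" } },
  "node_modules/node-gyp": { version: "11.5.0", dependencies: { "make-fetch-happen": "^14.0.3" } },
  "node_modules/make-fetch-happen": { version: "14.0.3", dependencies: { cacache: "^19.0.1" } },
  "node_modules/cacache": { version: "19.0.1", dependencies: { glob: "^10.2.2" } },
  "node_modules/cacache/node_modules/glob": { version: "10.5.0" },
} };

// Package name for a lockfile path that lives under node_modules.
const nameOf = (p) => p.slice(p.lastIndexOf("node_modules/") + "node_modules/".length);

// Resolve a dependency the way Node does: nearest node_modules first, then walk up.
function resolveDep(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // e.g. an optional dependency that was not installed
    const i = base.lastIndexOf("node_modules/");
    base = i <= 0 ? "" : base.slice(0, i - 1);
  }
}

// Every chain from the root project down to targetPath, as "name@version (range)" steps.
function explain(lock, targetPath) {
  const pk = lock.packages, dependents = {};
  for (const [path, meta] of Object.entries(pk)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies,
                   ...(path === "" ? meta.devDependencies : {}) };
    for (const [dep, range] of Object.entries(deps)) {
      const hit = resolveDep(pk, path, dep);
      if (hit) (dependents[hit] = dependents[hit] || []).push({ path, range });
    }
  }
  const chains = [];
  const walk = (path, tail, seen) => {
    if (path === "") { chains.push([pk[""].name || "(root)", ...tail]); return; }
    if (seen.has(path)) return; // dependency cycle
    for (const { path: parent, range } of dependents[path] || [])
      walk(parent, [`${nameOf(path)}@${pk[path].version} (${range})`, ...tail], new Set(seen).add(path));
  };
  walk(targetPath, [], new Set());
  return chains;
}

// All installed copies of a package name, hoisted or nested.
const copiesOf = (lock, name) =>
  Object.keys(lock.packages).filter((p) => p.endsWith("node_modules/" + name));

for (const p of copiesOf(SAMPLE_LOCK, "glob")) console.log(explain(SAMPLE_LOCK, p).map((c) => c.join(" > ")));
```

To run it against a real project, replace `SAMPLE_LOCK` with the parsed contents of that project's `package-lock.json`.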
