Upgrade node-gyp dependency to avoid glob security vulnerability

https://github.com/electron/rebuild/blob/76b460011b5ca4be498022cf48637e6ae5d91a46/package.json#L56

The dependency on an old node-gyp version means we are importing and old library dependency tree with a security vulnerability.

npm warn deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me

    glob@10.5.0 dev
    node_modules/cacache/node_modules/glob
      glob@"^10.2.2" from cacache@19.0.1
      node_modules/cacache
        cacache@"^19.0.1" from make-fetch-happen@14.0.3
        node_modules/make-fetch-happen
          make-fetch-happen@"^14.0.3" from node-gyp@11.5.0
          node_modules/node-gyp
            node-gyp@"^11.2.0" from @electron/rebuild@4.0.3
            node_modules/@electron/rebuild

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade node-gyp dependency to avoid glob security vulnerability #1234

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Upgrade node-gyp dependency to avoid glob security vulnerability #1234

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions