[Snyk] Security upgrade nodegit from 0.6.3 to 0.26.3

[piranna]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	670/1000 Why? Has a fix available, CVSS 8.9	Directory Traversal SNYK-JS-NODEGIT-542720	No	No Known Exploit
	831/1000 Why? Mature exploit, Has a fix available, CVSS 8.9	Improper Handling of Alternate Data Stream SNYK-JS-NODEGIT-542721	No	Mature
	659/1000 Why? Has a fix available, CVSS 8.9	Improper Handling of Alternate Data Stream SNYK-JS-NODEGIT-542722	No	No Known Exploit
	831/1000 Why? Mature exploit, Has a fix available, CVSS 8.9	Improper Link Resolution Before File Access SNYK-JS-NODEGIT-542723	No	Mature
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nodegit

The new version differs by 250 commits.

• bdae091 Fix workflow for node 8 npm issue
• 0de3294 Bump to v0.26.3
• 36856a1 Merge pull request #1743 from implausible/security-fixes
• b5769a2 Bring in security patches from libgit2
• 1047f66 Bupm to v0.26.2
• 0683f2b Update README.md for inactive maintainers
• b66dd42 Merge pull request #1728 from implausible/feature/commit-walk-commit-models
• d7c9860 Use const qualifier more; use static_cast for void *
• 6ecd368 commitWalk optionally returns plain objects with gpgSignature data
• ee7b26c Bump to v0.26.1
• 7468f5e Merge pull request #1723 from implausible/bump/libgit2
• 0ff6470 Bump libgit2 to latest fork of master
• 372635a Merge pull request #1722 from implausible/fix/optional-parameter-on-update-tips
• cd55298 updateTips: optional param and normalizeOptions
• 0228707 Enable builds on tags
• 3699ee9 Bump to v0.26.0
• b6e5fac In testing, retry npm install because of unsolved race condition
• d071af0 Merge pull request #1720 from implausible/fix/async-remote-functions
• 46a3456 Merge pull request #1719 from implausible/patch/libssh2
• 95e0518 GitRemote upload and updateTips are async
• 129492d Update libssh2 to 1.9
• f2fea6a Merge pull request #1717 from henkesn/rebase-inmemory
• ee79dcb Add test for in-memory rebase
• b495715 Fix rebase using in-memory index

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Arbitrary File Write
🦉 Arbitrary File Write
🦉 More lessons are available in Snyk Learn