Update dependencies to get rid of security vulnerabilities

[stefan-guggisberg]

running npm install on v0.22.2 ends with the following console output:

found 35 vulnerabilities (6 low, 16 moderate, 12 high, 1 critical)

updating the following dependencies:

• node-gyp -> ^3.8.0
• node-pre-gyp -> ^0.11.0
• coveralls -> ^3.0.2
• mocha -> ^5.2.0

fixes the following vulnerabilities:

• hoek < 4.2.1
• cryptiles < 4.1.2
• sshpk < 1.13.2
• growl < 1.10.0

[trieloff]

@stefan-guggisberg Mocha 3.0.0 changed the behavior for async tests (mochajs/mocha#2407), you cannot return a Promise and call done() at the same time. This causes two of the tests to fail. The solution seems to be remove the return statements here:

https://github.com/stefan-guggisberg/nodegit/blob/bump_node-pre-gyp/test/tests/filter.js#L107

and here:

https://github.com/stefan-guggisberg/nodegit/blob/bump_node-pre-gyp/test/tests/note.js#L61

Not sure what is causing the third test failure.

[stefan-guggisberg]

@trieloff thanks. i've fixed those tests in a6a4aab.

now running npm test on the branch gives the exact same result as on the latest release (v0.22.2):

  381 passing (4m)
  4 pending
  3 failing

  1) Clone
       can clone with ssh:
     Error: Timeout of 30000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/Users/stefan/projects/nodegit-fork/test/tests/clone.js)


  2) Clone
       can clone with git:
     Error: Error receiving socket data: Operation timed out


  3) Remote
       can reject fetching from private repository without valid credentials:

      AssertionError [ERR_ASSERTION]: Should not be able to find repository.
      + expected - actual

      -callback failed to initialize SSH credentials
      +ERROR: Repository not found.

the same tests are failing on master, they're not broken by this PR.

[Croydon]

This is redundant of my pull request #1519 which I have referenced in #1499

[maxkorp]

Maybe its redundant @Croydon but is there a reason we can't separate these changes out, to break down the size of that monster a bit? Like would that cause undue conflicts in your branch if we were to merge this then that?

CC @tbranyen @implausible

[Croydon]

It's fine with me when this gets merged first. I just noted that because it sounds like duplication of already done work.

[implausible]

I definitely feel like we should probably target these branches instead of having one mega PR, as well. It's a bit intimidating to look at your PR @Croydon.

[Croydon]

@implausible Yes, I totally agree. I did start my pull request a long time ago and it kept growing as I never got Node 10 to actually work.

Please go ahead and merge this.

[implausible]

Rerunning the test that failed. Looked like a weird failure to occur as everything passed except the deploy docs noop step.

[stefan-guggisberg]

@implausible thanks! any chance this gets published on npm anytime soon?

[implausible]

I am hoping to get the node 10 branch wrapped up before we publish the next version, but yes, hopefully soon.