[Snyk] Upgrade nodegit from 0.4.1 to 0.26.4 #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade nodegit from 0.4.1 to 0.26.4. See this package in NPM: https://www.npmjs.com/package/nodegit See this project in Snyk: https://app.snyk.io/org/saurabharch/project/26898d8a-35aa-4227-8b51-13786273a2ea?utm_source=github&utm_medium=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade nodegit from 0.4.1 to 0.26.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.The recommended version fixes:
SNYK-JS-NPM-537606
SNYK-JS-NPM-537603
SNYK-JS-NODEGIT-542723
SNYK-JS-NODEGIT-542722
SNYK-JS-NODEGIT-542721
SNYK-JS-NODEGIT-542720
npm:chownr:20180731
npm:npm:20180222
SNYK-JS-NPM-537604
Release notes
Package name: nodegit
-
0.26.4 - 2020-01-14
- Bumped LibGit2
- Now can be configured to support longpaths on Windows. Does not respect the config value, but is configured through
- Support for complex SSH auth creds handshakes
- Pulled in patch for Libssh2 that covers an integer overflow, see Libssh2#402
- Fix some issues from the libgit2 bump
- Add option to support longpaths on Windows
- Bring in libssh2#402
- Wait for copy and remove promises to finish
- Support
- Parallelize checkout_create_the_new for perf #4205
- win32: fix relative symlinks pointing into dirs
- ntlm: prevent (spurious) compiler warnings
- Adds support for multiple SSH auth mechanisms being used sequentially
- netops: handle intact query parameters in service_suffix removal
- Refactor packfile code to use zstream abstraction
- Fix git_submodule_sync with relative url
- http: avoid generating double slashes in url
- Correct typo in name of referenced parameter
- patch_parse: fix undefined behaviour due to arithmetic on NULL pointers
- smart_pkt: fix overflow resulting in OOB read/write of one byte
- branch: clarify documentation around branches
- examples: checkout: implement guess heuristic for remote branches
- Minor doc improvements
- attr: Update definition of binary macro
- Security fixes for master
- release.md: note that we do two security releases
- MSVC: Fix warning C4133 on x64: "function": Incompatible types - from "unsigned long *" to "size_t *"
- ci: only push docs from the libgit2/libgit2 repo
- global: convert to fiber-local storage to fix exit races
- Fix copy&paste in git_cherrypick_commit docstring
- patch_parse: fix out-of-bounds reads caused by integer underflow
- tests: fix compiler warning if tracing is disabled
- tests: config: only test parsing huge file with GITTEST_INVASIVE_SPEED
- diff: complete support for git patchid
- Memory optimizations for config entries
- ssh: include sha256 host key hash when supported
- Various examples shape-ups
- Improve trace support in tests
- Move
- Add compat typdef for git_attr_t
- CI Build Updates
- patch_parse: use paths from "---"/"+++" lines for binary patches
- Follow 308 redirect in WinHTTP transport
- fileops: correct error return on p_lstat failures when mkdir
- config_mem: implement support for snapshots
- patch_parse: fix segfault when header path contains whitespace only
- config_file: fix race when creating an iterator
- Fix crash if snapshotting a config_snapshot
- fix a bug introduced in 8a23597b
- reflogs: fix behaviour around reflogs with newlines
- commit: verify objects exist in git_commit_with_signature
- patch_parse: fixes for fuzzing errors
- apply: add GIT_APPLY_CHECK
- refs: unlock unmodified refs on transaction commit
- fuzzers: add a new fuzzer for patch parsing
- patch_parse: handle patches without extended headers
- Provide a wrapper for simple submodule clone steps
- macOS GSS Support
- cmake: correct the link stanza for CoreFoundation
- Fix file locking on POSIX OS
- cmake: update minimum CMake version to v3.5.1
- patch_parse: handle patches with new empty files
- DRY commit parsing
- azure: avoid building and testing in Docker as root
- regexp: implement a new regular expression API
- git_refdb API fixes
- Don't use enum for flags
- valgrind: suppress memory leaks in libssh2_session_handshake
- buffer: fix writes into out-of-memory buffers
- cred: add missing private header in GSSAPI block
- CMake pkg-config modulification
- Update chat resources in README.md
- Circular header splitting
-
0.26.3 - 2019-12-10
- Include LibGit2 security patch: https://github.com/libgit2/libgit2/releases/tag/v0.28.4
- Bring in security patches from libgit2 #1743
-
0.26.2 - 2019-09-27
- Added options to fetch additional data (gpg signature) from LibGit2 in revWalk.prototype.commitWalk and return plain objects
- revWalk.prototype.commitWalk(numCommits: number, { returnPlainObjects: boolean })
- Optionally retrieve more data on commit walk #1728
-
0.26.1 - 2019-09-17
- Bumped LibGit2
- Additional git ignore fixes
- Allow credentials callback to return any credential type from list of supported types
- Memory leak and allocation fixes
- updateTips has optional parameters and should convert plain objects into options structs correctly now
- Added Nodegit.Blob.prototype.filter, this should be used instead of NodeGit.Blob.filteredContent as it is not deprecated.
- Bump libgit2 to latest fork of master #1723
- updateTips: optional param and normalizeOptions #1722
- Parallelize checkout_create_the_new for perf #4205
- azure: build Docker images as part of the pipeline
- smart: use push_glob instead of manual filtering
- ntlm: fix failure to find openssl headers
- cmake: remove extraneous logging
- open:fix memory leak when passing NULL to git_repository_open_ext
- apply: Fix a patch corruption related to EOFNL handling
- ignore: correct handling of nested rules overriding wild card unignore
- Memory allocation fixes for diff generator
- Use an HTTP scheme that supports the given credentials
- apply: git_apply_to_tree fails to apply patches that add new files
- Optionally read
- config: implement "onbranch" conditional
- Fix include casing for case-sensitive filesystems.
- util: use 64 bit timer on Windows
- Memory allocation audit
- clone: don't decode URL percent encodings
- Security updates from 0.28.3
-
0.26.0 - 2019-09-11
- Bumped libssh2 to 1.9 for security patch
- Remote.prototype.upload and Remote.prototype.updateTips should be async now
- GitRemote upload and updateTips are async #1720
- Update libssh2 to 1.9 #1719
-
0.25.1 - 2019-08-13
-
-
- Stash should run much faster now.
- Parallelize checkout_create_the_new for perf #4205
- stash: avoid recomputing tree when committing worktree
- Variadic macros
- Add sign capability to git_rebase_commit
- remote: remove unused block of code
- Adjust printf specifiers in examples code
- config: check if we are running in a sandboxed environment
- Fix example checkout to forbid rather than require --
- editorconfig: update to match our coding style
- Compare buffers in diff example
- Include ahead_behind in the test suite
- config: separate file and snapshot backends
- object: deprecate git_object__size for removal
-
0.25.0 - 2019-08-09
- Converted Buf.prototype.set and Buf.prototype.grow from async to sync
- Drops support for Ubuntu 14 after EOL
- Removed access to the
- Changed
- Changed
- Fixed bug where templates were not reporting errors for synchronous methods. It's a bit of a wide net, but in general,
- Support signing commits in
- Support for Node 12
- Add signing support for commits and annotated tags
- Enforced consistent use of signing callbacks within the application. Any object that implements the signingCallback
- Exposed
- Exposed
- Exposed
- Exposed
- Exposed
- Exposed
- Exposed
- Exposed
- Exposed
- Added
- Added
- Exposed
- Exposed
- Expose
- Updates lodash dependency to address security notice
- Fixed a prototype problem with cherrypick, merge, and other collections that have a function at their root. call, apply, and bind should now be on NodeGit.Cherrypick.
- Bumped libssh2 to resolve security notice.
- Improve speed and correctness of fileHistoryWalk. The API should not have changed; however, when the end of the walk has been reached,
- Fixes openssl prebuilt downloads for electron builds
- Fixes commits retrieved from
- Bump Node-Gyp to 4.0.0 to fix tar security vulnerability
- Optimized a set of routines in NodeGit. These methods as written in Javascript require hundreds or thousands of requests to async workers to retrieve data. We've batched these requests and performed them on a single async worker. There are now native implementations of the following:
- When installing on a machine that has yarn and does not have npm, the preinstall script should succeed now
- Added support for building on IBM i (PASE) machines
- Fixed leak where struct/option types were leaking libgit2 pointers
- Switched
- Fixed builds for Electron 4
- Updated
- Fixes gitignore issue with pattern negation
- Always use builtin regex for linux for portability
- Use Iconv on OSX for better internationalization support.
- Removed LibCurl from LibGit2:
- Now with built-in NTLM proxy support
- Now with built-in Negotiate/Kerberos proxy support
- Working with proxy URLs may be different as curl could auto detect scheme for proxies
- Various git config fixes
- Various git ignore fixes
- Various libgit2 performance improvements
- Windows/Linux now use PCRE for regex, OSX uses regcomp_l, this should address collation issues in diffing
- Add deprecation warnings for enums that need them. #1711
- #1706
- Reintroduce Odb.prototype.addDiskAlternate #1695
- Fix behaviour of Repository#getReferences #1708
- Bump libgit2 #1705
- Fix Tree#createUpdated #1704
- Fix failing tests on CI #1703
- Audit lodash and fix package-lock.json #1702
- Implement support for Node 12 #1696
- Remove NSEC #1699
- Use builtin regex library for linux for better portability #1693
- Remove pcre-config from binding.gyp #1694
- refresh_references.cc: skip refs that can't be directly resolved #1689
- Bump libgit2 to fork of latest master #1690
- Bump libssh2 to 1.8.2 and fix some npm audit warnings #1678
- Root functions should keep their function prototypes correctly #1681
- refresh_references.cc: bust LibGit2 remote list cache by reading config #1685
- Implement faster file history walk #1676
- EOL for Node 6 and Ubuntu 14.04 #1649
- Ensures that commits from parent(*) has a repository #1658
- Update openssl conan distributions #1663
- Support signing in Repository#mergeBranches #1664
- Dependency upgrade node-gyp upgraded to 4.0.0 #1672
- Add additional getters to streamline information gathering (breaking change) #1671
- Clean up some dangerous memory accesses in callbacks #1642
- Output the item that was deprecated when giving deprecation notice #1643
- Don't fail yarn installs when we can't find npm #1644
- Add missing
- Fix regex state causing subsequent runs of Tag.extractSignature to fail #1630
- Update LibGit2 docs to v0.28.0 #1631
- Add support for building on IBM i (PASE) #1634
- Expose more config methods #1635
- Catch errors and pass them to libgit2 as error codes in rebase signingcb #1636
- Simplify check for IBM i operating system #1637
- Bump LibGit2 to fork of v0.28.1 #1638
- We should clear the persistent cell in structs when they are destroyed #1629
- Fix "errorno" typo #1628
- Bump Libgit2 fork to v0.28.0 #1627
- Fix macOS and Windows Electron 4 builds #1626
- Fix non-existent / dangling refs cause Repository.prototype.createCommitWithSignature to fail #1624
- Handle new gyp information for electron builds #1623
- Use same API for signingCb in all places that can be crypto signed #1621
- Breaking: Repository.prototype.continueRebase enhancements #1619
- adds support for gpg commit signing (fixes #1018) #1448
- Add
- Documentation fixes. #1611
- Add Commit#amendWithSignature #1616
- Bump libgit2 to a preview of v0.28 #1615
- Fix issues with Commit#amendWithSignature #1617
- Marked Repository.createBlobFromBuffer as async #1614
- Add functionality for creating Tags with signatures and extracting signatures from Tags #1618
- Add sign capability to git_rebase_commit #4913
- Parallelize checkout_create_the_new for perf #4205
- config_file: refresh when creating an iterator
- azure: drop powershell
- fuzzer: use futils instead of fileops
- w32: fix unlinking of directory symlinks
- patch_parse: fix segfault due to line containing static contents
- ignore: fix determining whether a shorter pattern negates another
- patch_parse: handle missing newline indicator in old file
- patch_parse: do not depend on parsed buffer's lifetime
- sha1: fix compilation of WinHTTP backend
- repository: do not initialize HEAD if it's provided by templates
- configuration: cvar -> configmap
- Evict cache items more efficiently
- clar: fix suite count
- Ignore VS2017 specific files and folders
- gitattributes: ignore macros defined in subdirectories
- clar: correctly account for "data" suites when counting
- Allocate memory more efficiently when packing objects
- fileops: fix creation of directory in filesystem root
- win32: fix fuzzers and have CI build them
- Config parser separation
- config_file: implement stat cache to avoid repeated rehashing
- ci: build with ENABLE_WERROR on Windows
- Fix Regression: attr: Correctly load system attr file (on Windows)
- hash: fix missing error return on production builds
- Resolve static check warnings in example code
- Multiple hash algorithms
- More documentation
- Incomplete commondir support
- Remove warnings
- Re-run flaky tests
- errors: use lowercase
- largefile tests: only write 2GB on 32-bit platforms
- Fix broken link in README
- net: remove unused
- cmake: default NTLM client to off if no HTTPS support
- attr: rename constants and macros for consistency
- Change API instances of
- object: rename git_object__size to git_object_size
- Replace fnmatch with wildmatch
- Documentation fixes
- Removal of
- Modularize our TLS & hash detection
- tests: merge::analysis: use test variants to avoid duplicated test suites
- Rename options initialization functions
- deps: ntlmclient: disable implicit fallthrough warnings
- gitignore with escapes
- Handle URLs with a colon after host but no port
- Merge analysis support for bare repos
- Add memleak check docs
- Data-driven tests
- sha1dc: update to fix endianess issues on AIX/HP-UX
- Add NTLM support for HTTP(s) servers and proxies
- Callback type names should be suffixed with
- tests: checkout: fix symlink.git being created outside of sandbox
- ignore: handle escaped trailing whitespace
- Ignore: only treat one leading slash as a root identifier
- online tests: use gitlab for auth failures
- Ignore files: don't ignore whitespace
- cache: fix cache eviction using deallocated key
- SECURITY.md: split out security-relevant bits from readme
- Restore NetBSD support
- repository: fix garbage return value
- cmake: disable fallthrough warnings for PCRE
- Configuration parsing: validate section headers with quotes
- Loosen restriction on wildcard "*" refspecs
- Use PCRE for our fallback regex engine when regcomp_l is unavailable
- Remote URL last-chance resolution
- Skip UTF8 BOM in ignore files
- We've already added
- Define SYMBOLIC_LINK_FLAG_DIRECTORY if required
- Support symlinks for directories in win32
- rebase: orig_head and onto accessors
- cmake: correctly detect if system provides
- Correctly write to missing locked global config
- [RFC] util: introduce GIT_DOWNCAST macro
- examples: implement SSH authentication
- git_repository_init: stop traversing at windows root
- config_file: check result of git_array_alloc
- patch_parse.c: Handle CRLF in parse_header_start
- fix typo
- sha1: don't inline
- ignore: treat paths with trailing "/" as directories
- Test that largefiles can be read through the tree API
- Tests for symlinked user config
- patch_parse: fix parsing addition/deletion of file with space
- Optimize string comparisons
- Negation of subdir ignore causes other subdirs to be unignored
- xdiff: fix typo
- docs: clarify relation of safe and forced checkout strategy
- Each hash implementation should define
- [Doc] Update URL to git2-rs
- remote: Rename git_remote_completion_type to _t
- odb: provide a free function for custom backends
- Have git_branch_lookup accept GIT_BRANCH_ALL
- Rename git_transfer_progress to git_indexer_progress
- High-level map APIs
- refdb_fs: fix loose/packed refs lookup racing with repacks
- Allocator restructuring
- cache: fix misnaming of
- examples: produce single cgit2 binary
- Remove public 'inttypes.h' header
- Prevent reading out of bounds memory
- Fix a memory leak in odb_otype_fast()
- Make stdalloc__reallocarray call stdalloc__realloc
- Remove
- Fix a very improbable memory leak in git_odb_new()
- ci: publish documentation on merge
- Enable creation of worktree from bare repo's default branch
- Allow bypassing check for '.keep' file
- Deprecation: export the deprecated functions properly
- ci: skip ssh tests on macOS nightly
- CI build fixups
- v0.28 rc1
- Docs
- Documentation fixes
- ci: add an individual coverity pipeline
- ci: run docurium to create documentation
- ci: return coverity to the nightlies
- Clean up some warnings
- Nightlies: use
- index: preserve extension parsing errors
- Deprecate functions and constants more gently
- Don't use deprecated constants
- Fix VS warning C4098: 'giterr_set_str' : void function returning a value
- Move
- odb: Fix odb foreach to also close on positive error code
- repository: free memory in symlink detection function
- ci: update poxyproxy, run in quiet mode
- Add/multiply with overflow tweaks
- Improve deprecation of old enums
- Move
- More
- ci: only run invasive tests in nightly
- Always build a cdecl library
- changelog: document changes since 0.27
- Fix a bunch of warnings
- mailmap: prefer ethomson@edwardthomson.com
- Convert tests/resources/push.sh to LF endings
- Get rid of some test files that were accidentally committed
- Fix crash on remote connection when GIT_PROXY_AUTO is set but no proxy is detected
- Make ENABLE_WERROR actually work
- Remove unconditional -Wno-deprecated-declaration on macOS
- Fix warning 'function': incompatible types - from 'git_cvar_value *' to 'int *' (C4133) on VS
- Fix Linux warnings
- Coverity fixes
- Shutdown callback count
- Update CRLF filtering to match modern git
- refdb_fs: refactor error handling in
- Remove empty (sub-)directories when deleting refs
- Support creating annotated commits from annotated tags
- Fix segfault in loose_backend__readstream
- make proxy_stream_close close target stream even on errors
- Index API updates for consistency
- Allow merge analysis against any reference
- revwalk: Allow changing hide_cb
- Unused function warnings
- Add builtin proxy support for the http transport
- config: fix adding files if their parent directory is a file
- Allow certificate and credential callbacks to decline to act
- Fix warning C4133 incompatible types in MSVC
- index: introduce git_index_iterator
- commit: fix out-of-bound reads when parsing truncated author fields
- tests: 🌀 address two null argument instances #4847
- Some OpenSSL issues
- worktree: Expose git_worktree_add_init_options
- transport/http: Include non-default ports in Host header
- Support symlinks on Windows when core.symlinks=true
- strntol: fix out-of-bounds reads when parsing numbers with leading sign
- apply: small fixups in the test suite
- signature: fix out-of-bounds read when parsing timezone offset
- Remote creation API
- Index collision fixes
- Patch (diff) application
- smart transport: only clear url on hard reset (regression)
- Tree parsing fixes
- CI: Fix macOS leak detection
- README: more CI status badges
- ci: Fix some minor issues
- Object parse fixes
- Windows CI: fail build on test failure
- ci: run all the jobs during nightly builds
- strtol removal
- buf::oom tests: use custom allocator for oom failures
- ci: arm docker builds
- Win32 path canonicalization refactoring
- Check object existence when creating a tree from an index
- Ninja build
- docs: fix transparent/opaque confusion in the conventions file
- Configuration variables can appear on the same line as the section header
- path: export the dotgit-checking functions
- cmake: correct comment from libssh to libssh2
- Object parsing fuzzer
- config: Port config_file_fuzzer to the new in-memory backend.
- Add some more tests for git_futils_rmdir_r and some cleanup
- diff_stats: use git's formatting of renames with common directories
- ignore unsupported http authentication contexts
- submodule: ignore path and url attributes if they look like options
- Smart packet security fixes
- config_file: properly ignore includes without "path" value
- int-conversion
- cmake: enable new quoted argument policy CMP0054
- fix check if blob is uninteresting when inserting tree to packbuilder
- Documentation fixups
- CI: refactoring
- In-memory configuration
- Some warnings
- index: release the snapshot instead of freeing the index
- online::clone: free url and username before resetting
- git_remote_prune to be O(n * logn)
- Rename "VSTS" to "Azure DevOps" and "Azure Pipelines"
- cmake: enable -Wformat and -Wformat-security
- Fix revwalk limiting regression
- path validation:
- revwalk: refer the sorting modes more to git's options
- Clar XML output redux
- remote: store the connection data in a private struct
- docs: clarify and include licenses of dependencies
- config_file: fix quadratic behaviour when adding config multivars
- config: Fix a leak parsing multi-line config entries
- Prevent heap-buffer-overflow
- ci: remove travis
- Update VSTS YAML files with the latest syntax
- Documentation fixes
- config: convert unbounded recursion into a loop
- Document giterr_last() use only after error. #4772
- util: make the qsort_r check work on macOS
- fuzzer: update for indexer changes
- tree: accept null ids in existing trees when updating
- Pack file verification
- cmake: detect and use libc-provided iconv
- Coverity flavored clang analyzer fixes
- tests: verify adding index conflicts with invalid filemodes fails
- worktree: unlock should return 1 when the worktree isn't locked
- Add a fuzzer for config files
- Fix 'invalid packet line' for ng packets containing errors
- Fix leak in index.c
- threads::diff: use separate git_repository objects
- travis: remove Coverity cron job
- parse: Do not initialize the content in context to NULL
- config_file: Don't crash on options without a section
- ci: Correct the status code check so Coverity doesn't force-fail Travis
- ci: remove appveyor
- diff: fix OOM on AIX when finding similar deltas in empty diff
- travis: do not execute Coverity analysis for all cron jobs
- ci: enable compilation with "-Werror"
- smart_pkt: fix potential OOB-read when processing ng packet
- Fix a double-free in config parsing
- Fuzzers
- ci: run VSTS builds on master and maint branches
- Windows: default credentials / fallback credential handling
- ci: add VSTS build badge to README
- ci: set PKG_CONFIG_PATH for travis
- CI: Refactor and introduce VSTS builds
- revwalk: remove tautologic condition for hiding a commit
- winhttp: retry erroneously failing requests
- Add a configurable limit to the max pack size that will be indexed
- mbedtls: remove unused variable "cacert"
- Squash some leaks
- Add a checkout example
- Assorted Coverity fixes
- Remove GIT_PKT_PACK entirely
- ignore: improve
- alloc: don't overwrite allocator during init if set
- C90 standard compliance
- Delta OOB access
- Release v0.27.3
- streams: report OpenSSL errors if global init fails
- patch_parse: populate line numbers while parsing diffs
- Fix git_worktree_validate failing on bare repositories
- git_refspec_transform: Handle NULL dst
- Add a "dirty" state to the index when it has unsaved changes
- refspec: rename
- streams: openssl: Handle error in SSL_CTX_new
- refspec: add public parsing api
- Fix interaction between limited flag and sorting over resets
- deps: fix implicit fallthrough warning in http-parser
- Fix assorted leaks found via fuzzing
- Fix type confusion in git_smart__connect
- Verify ref_pkt's are long enough
- Config parser cleanups
- Fix last references to deprecated git_buf_free
- revwalk: avoid walking the entire history when output is unsorted
- Add mailmap support.
- tree: remove unused functions
- Link
- editorconfig: allow trailing whitespace in markdown
- docs: fix statement about tab width
- diff: fix enum value being out of allowed range
- pack: rename
- Stop leaking the memory
- Bugfix release v0.27.2
- Fix stash save bug with fast path index check
- path: unify
- Fix negative gitignore rules with leading directories
- Custom memory allocators
- index: Fix alignment issues in write_disk_entry()
- travis: war on leaks
- refdb_fs: fix regression: failure when globbing for non-existant references
- tests: submodule: do not rely on config iteration order
- Detect duplicated submodules for the same path
- Fix docurium missing includes
- github: update issue template
- streams: openssl: add missing check on OPENSSL_LEGACY_API
- mbedtls: don't require mbedtls from our pkgconfig file
- Fixes for CVE 2018-11235
- Backport fixes for CVE 2018-11235
- Added note about Windows junction points to the differences from git document
- cmake: resolve libraries found by pkg-config
- refdb_fs: enhance performance of globbing
- global: adjust init count under lock
- Fix GCC 8.1 warnings
- Worktrees can be made from bare repositories
- docs: add documentation to state differences from the git cli
- Sanitize the hunk header to ensure it contains UTF-8 valid data
- examples: ls-files: add ls-files to list paths in the index
- OpenSSL legacy API cleanups
- worktree: add functions to get name and path
- Fix deletion of unrelated branch on worktree
- mbedTLS support
- Configuration entry iteration in order
- blame_git: fix coalescing step never being executed
- Fix leaks in master
- Leak fixes for v0.27.1
- worktree: Read worktree specific reflog for HEAD
- fixed stack smashing due to wrong size of struct stat on the stack
- scripts: add backporting script
- worktree: add ability to create worktree with pre-existing branch
- refs: preserve the owning refdb when duping reference
- Submodules-API should report .gitmodules parse errors instead of ignoring them
- Typedef git_pkt_type and clarify recv_pkt return type
- online::clone: validate user:pass in HTTP_PROXY
- transports: ssh: disconnect session before freeing it
- revwalk: fix uninteresting revs sometimes not limiting graphwalk
- attr_file: fix handling of directory patterns with trailing spaces
- transports: local: fix assert when fetching into repo with symrefs
- remote/proxy: fix git_transport_certificate_check_db description
- Flag options in describe.h as being optional
- diff: Add missing GIT_DELTA_TYPECHANGE -> 'T' mapping.
- appveyor: fix typo in registry key to disable DHE
- Fix build with LibreSSL 2.7
- appveyor: workaround for intermittent test failures
- sha1dc: update to fix errors with endianess
- submodule: check index for path and prefix before adding submodule
- odb: mempack: fix leaking objects when freeing mempacks
- types: remove unused git_merge_result
- checkout: change default strategy to SAFE
- Add myself to git.git-authors
-
0.25.0-alpha.16 - 2019-07-24
- Adds support for Node 12
- Updates lodash dependency to address security notice
- Expose Tree.prototype.createUpdated(repo, numUpdates, updates)
- Bumps libgit2
- Fixes gitignore issue with pattern negation
- Remote.list now gets the correct list of remotes if remotes are changed by external process
- Bump libgit2 #1705
- Fix Tree#createUpdated #1704
- Fix failing tests on CI #1703
- Audit lodash and fix package-lock.json #1702
- Implement support for Node 12 #1696
- config_file: refresh when creating an iterator #5181
- azure: drop powershell #5141
- fuzzer: use futils instead of fileops #5180
- w32: fix unlinking of directory symlinks #5151
- patch_parse: fix segfault due to line containing static contents #5179
- ignore: fix determining whether a shorter pattern negates another #5173
- patch_parse: handle missing newline indicator in old file #5159
- patch_parse: do not depend on parsed buffer's lifetime #5158
- sha1: fix compilation of WinHTTP backend #5174
- repository: do not initialize HEAD if it's provided by templates #5176
- configuration: cvar -> configmap #5138
- Evict cache items more efficiently #5172
- clar: fix suite count #5175
- Ignore VS2017 specific files and folders #5163
- gitattributes: ignore macros defined in subdirectories #5156
- clar: correctly account for "data" suites when counting #5168
- Allocate memory more efficiently when packing objects #5170
- fileops: fix creation of directory in filesystem root #5131
- win32: fix fuzzers and have CI build them #5160
- Config parser separation #5134
- config_file: implement stat cache to avoid repeated rehashing #5132
- ci: build with ENABLE_WERROR on Windows #5143
- Fix Regression: attr: Correctly load system attr file (on Windows) #5152
- hash: fix missing error return on production builds #5145
- Resolve static check warnings in example code #5142
- Multiple hash algorithms #4438
- More documentation #5128
- Incomplete commondir support #4967
- Remove warnings #5078
- Re-run flaky tests #5140
-
0.25.0-alpha.15 - 2019-07-17
- Removed NSEC optimization due to performance regressions in repositories that did not use NSEC optimization cloned via NodeGit.
- Remove NSEC #1699
-
0.25.0-alpha.14 - 2019-07-01
- Always use builtin regex for linux for portability
- Use builtin regex library for linux for better portability #1693
- Remove pcre-config from binding.gyp #1694
-
0.25.0-alpha.13 - 2019-06-27
-
0.25.0-alpha.12 - 2019-06-04
-
0.25.0-alpha.11 - 2019-05-20
-
0.25.0-alpha.10 - 2019-05-03
-
0.25.0-alpha.9 - 2019-03-05
-
0.25.0-alpha.8 - 2019-02-28
-
0.25.0-alpha.7 - 2019-02-20
-
0.25.0-alpha.6 - 2019-02-14
-
0.25.0-alpha.5 - 2019-02-12
-
0.25.0-alpha.4 - 2019-02-08
-
0.25.0-alpha.3 - 2019-02-05
-
0.25.0-alpha.2 - 2019-02-01
-
0.25.0-alpha.1 - 2019-01-31
-
0.24.3 - 2019-05-03
-
0.24.2 - 2019-04-19
-
0.24.1 - 2019-02-12
-
0.24.0 - 2019-01-16
-
0.24.0-alpha.1 - 2018-10-25
-
0.23.1 - 2019-02-12
-
0.23.0 - 2018-10-24
-
0.23.0-alpha.2 - 2018-10-19
-
0.23.0-alpha.1 - 2018-10-03
-
0.22.2 - 2018-07-10
-
0.22.1 - 2018-05-31
-
0.22.0 - 2018-04-10
-
0.21.2 - 2018-03-20
-
0.21.1 - 2018-03-05
-
0.21.0 - 2018-02-26
-
0.20.3 - 2017-10-19
-
0.20.2 - 2017-09-14
-
0.20.1 - 2017-08-17
-
0.20.0 - 2017-08-16
-
0.19.0 - 2017-04-20
-
0.18.3 - 2017-04-26
-
0.18.2 - 2017-04-24
-
0.18.1 - 2017-04-21
-
0.18.0 - 2017-03-02
-
0.17.0 - 2017-02-06
-
0.16.0 - 2016-09-16
-
0.15.1 - 2016-06-24
-
0.15.0 - 2016-06-23
-
0.14.1 - 2016-06-24
-
0.14.0 - 2016-06-23
-
0.13.2 - 2016-06-10
-
0.13.1 - 2016-06-05
-
0.13.0 - 2016-05-05
-
0.12.2 - 2016-04-07
-
0.12.1 - 2016-03-30
-
0.12.0 - 2016-03-28
-
0.11.9 - 2016-03-09
-
0.11.8 - 2016-03-07
-
0.11.7 - 2016-03-07
-
0.11.6 - 2016-03-01
-
0.11.5 - 2016-02-25
-
0.11.4 - 2016-02-24
-
0.11.3 - 2016-02-22
-
0.11.2 - 2016-02-18
-
0.11.1 - 2016-02-10
-
0.11.0 - 2016-02-04
-
0.10.0 - 2016-02-01
-
0.9.0 - 2016-01-22
-
0.8.0 - 2016-01-15
-
0.7.0 - 2016-01-08
-
0.6.3 - 2015-12-18
-
0.6.2 - 2015-12-15
-
0.6.1 - 2015-12-14
-
0.6.0 - 2015-12-09
-
0.5.0 - 2015-09-23
-
0.4.1 - 2015-06-02
from nodegit GitHub release notesSummary of changes
NodeGit.Libgit2.opts. See #1748 for details.Merged PRs into NodeGit
Merged PRs into LibGit2
core.longpathson Windows #5347git_off_ttogit_object_size_tSummary of changes
Merged PRs into NodeGit
Summary of changes
Merged PRs into NodeGit
Summary of changes
Merged PRs into NodeGit
Merged PRs into LibGit2
.gitattributesfrom HEADSummary of changes
Merged PRs into NodeGit
Summary of changes
Security patch for LibGit2:
A carefully constructed commit object with a very large number
of parents may lead to potential out-of-bounds writes or
potential denial of service.
The ProgramData configuration file is always read for compatibility
with Git for Windows and Portable Git installations. The ProgramData
location is not necessarily writable only by administrators, so we
now ensure that the configuration file is owned by the administrator
or the current user.
Additionally:
Merged PRs into LibGit2
Summary of changes
BREAKING
getRemotesno longer returns remote names, it now returns remote objects directly. UsegetRemoteNamesto get a list of remote names.Repository.prototype.continueRebasewill now throw on any error except for EAPPLIED on the first call toRebase.prototype.nextdiff_so_farparam ingit_diff_notify_cbandgit_diff_progress_cbFilterSource.prototype.repoto async to prevent segfaults on filters that run duringSubmodule.statusNodeGit.Signature.defaultto async, because it actually ends up reading the config.it is now possible certain sync methods in NodeGit will begin failing that did not fail before. This is the correct
behavior.
Deprecations
Repository.prototype.mergeBranches. The last parameterprocessMergeMessageCallbackis now deprecated, but will continue to work. Use the options object instead, which will contain theprocessMergeMessageCallback, as well as thesigningCb.New
pattern for signing commits or tags should use the exact same callback type and with the same meaning.
type SigningCallback = (content: string) => {| code: number, field?: string, signedData?: string |};If the code is
NodeGit.Error.CODE.OKor 0, the operation will succeed and at least signedData is expected to be filled out.If the code is a negative number, except for
NodeGit.Error.CODE.PASSTHROUGH, the signing operation will fail.If the code is
NodeGit.Error.CODE.PASSTHROUGH, the operation will continue without signing the object.AnnotatedCommitmethods:AnnotatedCommit.prototype.refApplymethods:Apply.applyapplies a diff to the repositoryApply.toTreeapplies a diff to a treeConfigmethods:Config.prototype.deleteEntryConfig.prototype.deleteMultivarConfig.prototype.getBoolConfig.prototype.getInt32Config.prototype.getInt64Config.prototype.setMultivarConfig.prototype.snapshotConfigIteratorwith methods:ConfigIterator.createConfigIterator.createGlobConfigIterator.createMultivarConfigIterator.prototype.nextIndexNameEntry:IndexNameEntry.addIndexNameEntry.clearIndexNameEntry.entryCountIndexNameEntry.getByIndexIndexNameEntry.prototype.ancestorIndexNameEntry.prototype.oursIndexNameEntry.prototype.theirsIndexReucEntry:IndexReucEntry.addIndexReucEntry.clearIndexReucEntry.entryCountIndexReucEntry.findIndexReucEntry.getByIndexIndexReucEntry.getByPathIndexReucEntry.removeIndexReucEntry.prototype.modeIndexReucEntry.prototype.oidIndexReucEntry.prototype.pathMailmap:Mailmap.prototype.addEntryMailmap.fromBufferMailmap.fromRepositoryMailmap.createMailmap.prototype.resolveMailmap.prototype.resolveSignatureMergemethods:Merge.analysisMerge.analysisForRefPath.isGitfileRebaseOptionstoRepository.prototype.rebaseContinueNodeGit.Reference.updateTerminalRemotemethods:Remote.createWithOptsTag.createFromBufferTree.prototype.createUpdated(repo, numUpdates, updates)Fixed
reachedEndOfHistorywill be specified on the resulting array.Commit.prototype.parentRepository.prototype.getReferences: Retrieves all references on async worker.Repository.prototype.getRemotes: Retrieves all remotes on async worker.Repository.prototype.getSubmodules: Retrieves all submodules on async worker.Repository.prototype.refreshReferences: Open sourced function from GitKraken. Grabs a lot of information about references on an async worker.Revwalk.prototype.commitWalk: Retrieves up to N commits from a revwalk on an async worker.ceiling_dirsis now an optional parameter toRepository.discoverNodeGit.Oid.fromString's internal implementation fromgit_oid_fromstrtogit_oid_fromstrpSignature.prototype.toStringto optionally include timestampsLibGit2 Bump
Remote.listnow gets the correct list of remotes if remotes are changed by external processMerged PRs into NodeGit
ceiling_dirsparameter inRepository.discoveris optional #1245shouldAllocdeclarations for git_merge_analysis* functions #1641updateRefparameter to Repository#createCommitWithSignature #1610Merged PRs into LibGit2
git_headlist_cbfromnountofrom_noun(with an underscore)p_fallocate_cbZLIB_LIBRARIEStoLIBGIT2_LIBSso don't also add thezlibraryregcompgit_hash_global_initfor win32git_hash_global_initgit_cache_freegit_time_monotoniclatestdocker imagesgiterrtogit_errorgit_ref_ttogit_reference_tgit_objtogit_objectupdatesrefdb_reflog_fs__deletecharis not signed by default.git_ignore_path_is_ignoreddescription Git analogygit_refspec__freetogit_refspec__disposembedTLSlibraries in whenSHA1_BACKEND== "mbedTLS"git_packfile_stream_freegit_path_is_*APIsSummary of changes
Merged PRs into NodeGit
Merged PRs into LibGit2
Summary of changes
Merged PRs into NodeGit
Summary of changes
Merged PRs into NodeGit
Commit messages
Package name: nodegit
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
[//]: # (snyk:metadata:{"dependencies":[{"name":"nodegit","from":"0.4.1","to":"0.26.4"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/saurabharch/project/26898d8a-35aa-4227-8b51-13786273a2ea?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"26898d8a-35aa-4227-8b51-13786273a2ea","env":"prod","prType":"upgrade","vulns":["SNYK-JS-NPM-537606","SNYK-JS-NPM-537603","SNYK-JS-NODEGIT-542723","SNYK-JS-NODEGIT-542722","SNYK-JS-NODEGIT-542721","SNYK-JS-NODEGIT-542720","npm:chownr:20180731","npm:npm:20180222","SNYK-JS-NPM-537604"],"issuesToFix":[{"issueId":"SNYK-JS-NPM-537606","severity":"high","title":"Arbitrary File Write","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-NPM-537603","severity":"high","title":"Arbitrary File Overwrite","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-NODEGIT-542723","severity":"high","title":"Improper Link Resolution Before File Access","exploitMaturity":"mature"},{"issueId":"SNYK-JS-NODEGIT-542722","severity":"high","title":"Improper Handling of Alternate Data Stream","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-NODEGIT-542721","severity":"high","title":"Improper Handling of Alternate Data Stream","exploitMaturity":"mature"},{"issueId":"SNYK-JS-NODEGIT-542720","severity":"high","title":"Directory Traversal","exploitMaturity":"no-known-exploit"},{"issueId":"npm:chownr:20180731","severity":"medium","title":"Time of Check Time of Use (TOCTOU)","exploitMaturity":"no-known-exploit"},{"issueId":"npm:npm:20180222","severity":"medium","title":"Access Restriction Bypass","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-NPM-537604","severity":"low","title":"Unauthorized File Access","exploitMaturity":"proof-of-concept"}],"upgrade":["SNYK-JS-NPM-537606","SNYK-JS-NPM-537603","SNYK-JS-NODEGIT-542723","SNYK-JS-NODEGIT-542722","SNYK-JS-NODEGIT-542721","SNYK-JS-NODEGIT-542720","npm:chownr:20180731","npm:npm:20180222","SNYK-JS-NPM-537604"],"upgradeInfo":{"versionsDiff":78,"publishedDate":"2020-01-14T19:23:53.762Z"},"templateVariants":[],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false})