[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-gyp

The new version differs by 6 commits.

• 41f2b23 4.0.0
• 35e765b doc: update changelog
• ceed5cb deps: updated tar package version to 4.4.8
• 374519e Upgrade to tar v3
• e6699d1 test: fix addon test for Node.js 12 and V8 7.4
• 0c6bf53 lib: use print() for python version detection

See the full diff

Package name: npm-lifecycle

The new version differs by 7 commits.

• cf5f5ca chore(release): 2.1.1
• dbbfe27 deps: bump deps to fix security advisories
• e96f550 deps: update node-gyp to v4.0.0
• f6cef1c chore: update CI for current Node LTS
• c137ac7 deps: bump devDeps
• 62c07d3 deps: bump deps
• 220cd70 fix(test): update postinstall script for fixture

See the full diff

Package name: tar

The new version differs by 37 commits.

• 843c897 4.4.15
• 46fe350 Remove paths from dirCache when no longer dirs
• df3aa4d 4.4.14
• 6d28013 add publishConfig tag
• efc6bb0 fix: strip absolute paths more comprehensively
• 65edb39 4.4.13
• d04c3ff Always provide a callback to fs.close()
• dbd6f52 4.4.12
• 0240086 update tap and minipass
• 9232b3d 4.4.11
• 42fe53b update minipass, pre-pause ReadEntry objects
• 4a9069a wrapped new header with try catch
• 84ab44d 4.4.10
• 77522f0 Use `stat` instead of `lstat` when checking CWD
• 49058cb use --follow-tags on git publish push
• 8f85cab 4.4.9
• ae0598f update tap
• 91b9ee9 add header generation from gnutar 10gb file
• 9a44de7 Remove duplicate word.
• c80341a Fix encoding/decoding of base-256 numbers
• b863448 update travis
• 694f08a update packages in benchmarks
• 3f39282 Use a coverage map for more targetted testing
• 445bf45 update tap for npm audit happiness

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic