[Snyk] Security upgrade nodegit from 0.6.3 to 0.23.0

[piranna]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nodegit

The new version differs by 250 commits.

• 3d7f274 Bump to v0.23.0
• 291b988 Bump to v0.23.0-alpha.2
• 724c567 Merge pull request #1569 from stevex86/fix/do-not-use-system-openssl-macos
• 23b98da Copy libssh2 config headers straight into `vendor/libssh2`
• b29ab01 Move `static_config/win32` back into `vendor/libssh2`
• 3945596 Don't no-op configureLibssh2 on Windows anymore.
• a09613c Copy Windows / Darwin static configuration files into `libssh` as configure step
• 0fe23f3 Add static configured libssh2 header for MacOS
• c268b63 Move `libssh2/win32` directory to `vendor/static_config`
• 9c0c983 Ensure `static_config` directory exists before writing openssl_distributions.json
• 4a0faed Prework: Move openssl_distributions file into `vendor/static_config`
• 4cc8301 Error in tag regex for .travis.yml
• 06c8b4a Bump to v0.23.0-alpha.1
• 9bf69c9 Fix pathing and ia32 detection for openssl dependency on win32
• 429e135 Revert "Bump to v0.23.0-alpha.1"
• bc4389c Bump to v0.23.0-alpha.1
• db41b8a Merge pull request #1560 from stevex86/fix/win32-electron-builds
• 8e17db5 Fix Electron builds on win32
• 71b7db2 Merge pull request #1558 from implausible/feature/sequence-submodule-updates
• 722a3b6 Merge pull request #1519 from Croydon/node10
• e42502f Travis: Sudo is not needed
• 99eccc9 Chore: Package updates
• ee480af Update nan to 2.11.0
• 77aded7 Travis: Build downloads on Trusty

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn