[Snyk] Security upgrade isomorphic-git from 0.78.2 to 1.8.2 #182

Open
wants to merge 1 commit into
base: master

@snyk-bot snyk-bot commented Aug 4, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| critical severity | 741/1000. Why? Recently disclosed, Has a fix available, CVSS 9.1 | Directory Traversal (SNYK-JS-ISOMORPHICGIT-1535213) | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: isomorphic-git

The new version differs by 132 commits.
  • 1316820 fix(checkout): throw error on malicious filepaths (#1339)
  • 89c0da7 fix(merge): Cannot set property 'oid' of undefined (#1312)
  • b102e1d fix(website): try it out (#1290)
  • 03846e1 fix(react-native): fix for "<Intermediate Value>.stream is not a function" errors in React Native (#1156)
  • 153679f chore: fix broken link in README.md (#1154)
  • baf668b fix(merge): "Cannot read property 'Symbol(PackfileCache)' of undefined" error (#1289)
  • 26f761e feat: Added 'cache' parameter; an opt-in solution to performance regressions caused by #1217 (#1255)
  • f2e3805 fix(CLI): `isogit` CLI throws "Error [ERR_REQUIRE_ESM]: Must use import to load ES Module" in Node 13+
  • 629b4e1 fix(push): "Cannot read property 'packfiles' of undefined" error (#1234)
  • 3eeb9a8 chore: fix the "TypeError: dupMap.get is not a function" errors that break Jest occasionally (#1233)
  • e66a6c2 fix(fetch): fetching a commit hash with `singleBranch: true` (#1225)
  • 668015c docs(pr-template): fixed location of `__tests__/test-exports.js` (#1195)
  • 9c1e96d docs: renameBranch missing from docs (#1218)
  • ad1f06f chore: delete a 3.6 MB test fixture that is not used anywhere (#1200)
  • f19ea0f fix(clone): fix memory leak if repeatedly cloning (#1217)
  • 02045f6 fix(getRemoteInfo, getRemoteInfo2): throw UnknownTransportError for SSH urls (#1199)
  • 55f2ade fix(push): fix regression introduced in v1.4.4 that broke pushing repos with submodules (#1196)
  • fb407a0 perf: replace git-apply-delta with hand-rolled code (#1191)
  • 54262a3 chore: update bundlewatch to track 'main' branch (#1190)
  • f9c0d83 chore(build): fix `npm format` command (#1176)
  • 1035d93 fix(pull): Cannot read property 'index' of undefined (#1189)
  • 585c4f5 feat: Added 'renameBranch' command (#1175)
  • b03f261 feat: Added 'listServerRefs' and 'getRemoteInfo2' commands (#1169)
  • 33256b6 chore: fix generate-docs.js to use 'main' instead of 'master' (#1168)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
