[Snyk] Security upgrade npm from 5.6.0 to 6.10.1

[Omrisnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • openshift/message-board/message-board-web/package.json
  • openshift/message-board/message-board-web/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity	Reachability
	165/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00303, Social Trends: No, Days since published: 1384, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit	No Path Found
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00348, Social Trends: No, Days since published: 961, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept	No Path Found
	107/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00165, Social Trends: No, Days since published: 1812, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 1.89, Score Version: V5	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	Yes	No Known Exploit	No Path Found
	97/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00083, Social Trends: No, Days since published: 725, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 1.45, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit	No Path Found
	149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00384, Social Trends: No, Days since published: 898, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.84, Likelihood: 1.9, Score Version: V5	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit	No Path Found
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0015, Social Trends: No, Days since published: 560, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit	No Path Found
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01248, Social Trends: No, Days since published: 771, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.45, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept	No Path Found
	137/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00105, Social Trends: No, Days since published: 1511, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.42, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept	No Path Found
	160/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00877, Social Trends: No, Days since published: 513, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.66, Score Version: V5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept	No Path Found
	45/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00205, Social Trends: No, Days since published: 2112, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.9, Score Version: V5	Insecure Randomness npm:cryptiles:20180710	Yes	No Known Exploit	No Path Found
	107/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0039, Social Trends: No, Days since published: 2108, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 1.9, Score Version: V5	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit	No Path Found
	141/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01021, Social Trends: No, Days since published: 2267, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.5, Score Version: V5	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept	No Path Found
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0017, Social Trends: No, Days since published: 2213, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	Yes	Proof of Concept	No Path Found
	202/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Physical, EPSS: 0.00211, Social Trends: No, Days since published: 2179, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.87, Score Version: V5	Uninitialized Memory Exposure npm:stringstream:20180511	Yes	Mature	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: npm

• 6.10.1 - 2019-07-11
  

  BUGFIXES

  • 3cbd57712 fix(git): strip GIT environs when running git (@ isaacs)
  • a81a8c4c4 #206 improve isOnly(Dev,Optional) (@ larsgw)
  • 172f9aca6 #179 fix-xmas-underline (@ raywu0123)
  • f52673fc7 #212 build: use /usr/bin/env to load bash (@ rsmarples)

  DEPENDENCIES

  • ef4445ad3 #208 node-gyp@5.0.2 (@ irega)
  • c0d611356 npm-lifecycle@3.0.0 (@ isaacs)
  • 7716ba972 libcipm@4.0.0 (@ isaacs)
  • 42d22e837 libnpm@3.0.0 (@ isaacs)
  • a2ea7f9ff semver@5.7.0 (@ isaacs)
  • 429226a5e lru-cache@5.1.1 (@ isaacs)
  • 175670ea6 npm-registry-fetch@3.9.1: (@ isaacs)
  • 0d0517f7f call-limit@1.1.1 (@ isaacs)
  • 741400429 glob@7.1.4 (@ isaacs)
  • bddd60e30 inherits@2.0.4 (@ isaacs)
  • 4acf03fd1 libnpmsearch@2.0.1 (@ isaacs)
  • c2bd17291 marked@0.6.3 (@ isaacs)
  • 7f0221bb1 marked-man@0.6.0 (@ isaacs)
  • f458fe7dd npm-lifecycle@2.1.1 (@ isaacs)
  • 009752978 node-gyp@4.0.0 (@ isaacs)
  • 0fa2bb438 query-string@6.8.1 (@ isaacs)
  • b86450929 tar-stream@2.1.0 (@ isaacs)
  • 25db00fe9 worker-farm@1.7.0 (@ isaacs)
  • 8dfbe8610 readable-stream@3.4.0 (@ isaacs)
  • f6164d5dd isaacs/chownr#21 isaacs/chownr#20 npm.community#7901 npm.community#8203 chownr@1.1.2 This fixes an EISDIR error from cacache on Darwin in Node versions prior to 10.6. (@ isaacs)
• 6.10.1-next.2 - 2019-07-10
  

  6.10.1-next.2

• 6.10.1-next.1 - 2019-07-03
  

  6.10.1-next.1

• 6.10.1-next.0 - 2019-07-03
  

  6.10.1-next.0

• 6.10.0 - 2019-07-03
  

  FEATURES

  • 87fef4e35 #176 fix: Always return JSON for outdated --json (@ sreeramjayan)
  • f101d44fc #203 fix(unpublish): add space after hyphen (@ ffflorian)
  • a4475de4c #202 enable production flag for npm audit (@ CalebCourier)
  • d192904d0 #178 fix: Return a value for view when in silent mode (@ stayradiated)
  • 39d473adf #185 Allow git to follow global tagsign config (@ junderw)

  BUGFIXES

  • d9238af0b #201 npm/npm#17858 npm/npm#18042 npm.community#644 do not crash when removing nameless packages (@ SteveVanOpstal and @ isaacs)
  • 4bec4f111 #200 Check for node (as well as node.exe) in npm's local dir on Windows (@ rgoulais)
  • ce93dab2d #180 npm.community#6187 Fix handling of remote deps in npm outdated (@ larsgw)

  TESTING

  • a823f3084 travis: Update to include new v12 LTS (@ isaacs)
  • 33e2d1dac fix flaky debug-logs test (@ isaacs)
  • e9411c6cd Don't time out waiting for gpg user input (@ isaacs)
  • d2d301704 #195 Add the arm64 check for legacy-platform-all.js test case. (@ ossdev07)
  • a4dc34243 parallel tests (@ isaacs)

  DOCUMENTATION

  • f5857e263 #192 Clarify usage of bundledDependencies (@ john-osullivan)
  • 747fdaf66 #159 doc: add --audit-level param (@ ngraef)

  DEPENDENCIES

  • e36b3c320 graceful-fs@4.2.0 (@ isaacs)
  • 6bb935c09 read-package-tree@5.3.1 (@ isaacs)
    • e9cd536 Use custom caching realpath implementation, dramatically reducing lstat calls when reading the package tree (@ isaacs)
  • 39538b460 write-file-atomic@2.4.3 (@ isaacs)
    • f8b1552 #38 Ignore errors raised by fs.closeSync (@ lukeapage)
  • 042193069 pacote@9.5.1 (@ isaacs)
    • 8bbd051 #172 limit git retry times, avoid unlimited retries (小秦)
    • 92f5e4c #170 fix(errors): Fix "TypeError: err.code.match is not a function" error (@ jviotti)
  • 8bd8e909f cacache@11.3.3 (@ isaacs)
    • 47de8f5 #146 npm.community#2395 fix(config): Add ssri config 'error' option (@ larsgw)
    • 5156561 fix(write): avoid a cb never called situation (@ zkat)
    • 90f40f0 #166 #165 docs: Fix docs for path property in get.info (@ hdgarrood)
  • bf61c45c6 bluebird@3.5.5 (@ isaacs)
  • f75d46a9d tar@4.4.10 (@ isaacs)
    • c80341a #215 Fix encoding/decoding of base-256 numbers (@ justfalter)
    • 77522f0 #204 #214 Use stat instead of lstat when checking CWD (@ stkb)
  • ec6236210 npm-packlist@1.4.4 (@ isaacs)
    • 63d1e3e #30 Sort package tarball entries by file type for compression benefits (@ isaacs)
    • 7fcd045 Ignore .DS_Store files as well as folders (@ isaacs)
    • 68b7c96 Never include .git folders in package root. (Note: this prevents the issue that broke the v6.9.1 release.) (@ isaacs)
  • 57bef61bc update fstream in node-gyp (@ isaacs)
    • Addresses security advisory #886
  • acbbf7eee #183 licensee@7.0.2 (@ kemitchell)
  • 011ae67f0 readable-stream@3.3.0 (@ isaacs)
  • f5e884909 npm-registry-mock@1.2.1 (@ isaacs)
  • b57d07e35 npm-registry-couchapp@2.7.2 (@ isaacs)
• 6.10.0-next.0 - 2019-07-01
  

  FEATURES

  • 87fef4e35 #176 fix: Always return JSON for outdated --json (@ sreeramjayan)
  • f101d44fc #203 fix(unpublish): add space after hyphen (@ ffflorian)
  • a4475de4c #202 enable production flag for npm audit (@ CalebCourier)
  • d192904d0 #178 fix: Return a value for view when in silent mode (@ stayradiated)
  • 39d473adf #185 Allow git to follow global tagsign config (@ junderw)

  BUGFIXES

  • d9238af0b #201 npm/npm#17858 npm/npm#18042 npm.community#644 do not crash when removing nameless packages (@ SteveVanOpstal and @ isaacs)
  • 4bec4f111 #200 Check for node (as well as node.exe) in npm's local dir on Windows (@ rgoulais)
  • ce93dab2d #180 npm.community#6187 Fix handling of remote deps in npm outdated (@ larsgw)

  TESTING

  • a823f3084 travis: Update to include new v12 LTS (@ isaacs)
  • 33e2d1dac fix flaky debug-logs test (@ isaacs)
  • e9411c6cd Don't time out waiting for gpg user input (@ isaacs)
  • d2d301704 #195 Add the arm64 check for legacy-platform-all.js test case. (@ ossdev07)
  • a4dc34243 parallel tests (@ isaacs)

  DOCUMENTATION

  • f5857e263 #192 Clarify usage of bundledDependencies (@ john-osullivan)
  • 747fdaf66 #159 doc: add --audit-level param (@ ngraef)

  DEPENDENCIES

  • e36b3c320 graceful-fs@4.2.0 (@ isaacs)
  • 6bb935c09 read-package-tree@5.3.1 (@ isaacs)
    • e9cd536 Use custom caching realpath implementation, dramatically reducing lstat calls when reading the package tree (@ isaacs)
  • 39538b460 write-file-atomic@2.4.3 (@ isaacs)
    • f8b1552 #38 Ignore errors raised by fs.closeSync (@ lukeapage)
  • 042193069 pacote@9.5.1 (@ isaacs)
    • 8bbd051 #172 limit git retry times, avoid unlimited retries (小秦)
    • 92f5e4c #170 fix(errors): Fix "TypeError: err.code.match is not a function" error (@ jviotti)
  • 8bd8e909f cacache@11.3.3 (@ isaacs)
    • 47de8f5 #146 npm.community#2395 fix(config): Add ssri config 'error' option (@ larsgw)
    • 5156561 fix(write): avoid a cb never called situation (@ zkat)
    • 90f40f0 #166 #165 docs: Fix docs for path property in get.info (@ hdgarrood)
  • bf61c45c6 bluebird@3.5.5 (@ isaacs)
  • f75d46a9d tar@4.4.10 (@ isaacs)
    • c80341a #215 Fix encoding/decoding of base-256 numbers (@ justfalter)
    • 77522f0 #204 #214 Use stat instead of lstat when checking CWD (@ stkb)
  • ec6236210 npm-packlist@1.4.4 (@ isaacs)
    • 63d1e3e #30 Sort package tarball entries by file type for compression benefits (@ isaacs)
    • 7fcd045 Ignore .DS_Store files as well as folders (@ isaacs)
    • 68b7c96 Never include .git folders in package root. (Note: this prevents the issue that broke the v6.9.1 release.) (@ isaacs)
  • 57bef61bc update fstream in node-gyp (@ isaacs)
    • Addresses security advisory #886
  • acbbf7eee #183 licensee@7.0.2 (@ kemitchell)
  • 011ae67f0 readable-stream@3.3.0 (@ isaacs)
  • f5e884909 npm-registry-mock@1.2.1 (@ isaacs)
  • b57d07e35 npm-registry-couchapp@2.7.2 (@ isaacs)
• 6.9.2 - 2019-06-27
  

  This release is identical to v6.9.1, but we had to publish a new version due to a .git directory in the release.

• 6.9.1-next.0 - 2019-03-20
  

  v6.9.1 (2019-03-20):

  BUGFIXES

  • 6b1a9da0e #165 Update knownBroken version. (@ ljharb)
  • d07547154 npm.community#5929 Fix outdated rendering for global dependencies. (@ zkat)
  • e4a1f1745 npm.community#6259 Fix OTP for token create and remove. (@ zkat)

  DEPENDENCIES

  • a163a9c35 sha@3.0.0 (@ aeschright)
  • 47b08b3b9 query-string@6.4.0 (@ aeschright)
  • d6a956cff readable-stream@3.2.0 (@ aeschright)
  • 10b8bed2b tacks@1.3.0 (@ aeschright)
  • e7483704d tap@12.6.0 (@ aeschright)
  • 3242fe698 tar-stream@2.0.1 (@ aeschright)
• 6.9.0 - 2019-03-06
  

  FEATURES

  • 2ba3a0f67 #90 Time traveling installs using the --before flag. (@ zkat)
  • b7b54f2d1 #3 Add support for package aliases. This allows packages to be installed under a different directory than the package name listed in package.json, and adds a new dependency type to allow this to be done for registry dependencies. (@ zkat)
  • 684bccf06 #146 Always save package-lock.json when using --package-lock-only. (@ aeschright)
  • b8b8afd40 #139 Make empty-string run-scripts run successfully as a no-op. (@ vlasy)
  • 8047b19b1 npm.community#3784 Match git semver ranges when flattening the tree. (@ larsgw)
  • e135c2bb3 npm.community#1725 Re-enable updating local packages. (@ larsgw)

  BUGFIXES

  • cf09fbaed #153 Set modified to undefined in npm view when time is not available. This fixes a bug where npm view would crash on certain third-party registries. (@ simonua)
  • 774fc26ee #154 Print out tar version in install.sh only when the flag is supported not all the tar implementations support --version flag. This allows the install script to work in OpenBSD, for example. (@ agudulin)
  • 863baff11 #158 Fix typo in error message for npm stars. (@ phihag)
  • a805a95ad npm.community#4227 Strip version info from pkg on E404. This improves the error messaging format. (@ larsgw)

  DOCS

  • 5d7633833 #160 Add npm add as alias to npm install in docs. (@ ahasall)
  • 489c2211c #162 Fix link to RFC #10 in the changelog. (@ mansona)
  • 433020ead #135 Describe exit codes in npm-audit docs. (@ emilis-tm)

  DEPENDENCIES

  • ee6b6746b zkat/make-fetch-happen#29 agent-base@4.2.1 (@ TooTallNate)
  • 2ce23baf5 lock-verify@2.1.0: Adds support for package aliases (@ zkat)
  • baaedbc6e pacote@9.5.0: Adds opts.before support (@ zkat)
  • 57e771a03 #164 licensee@6.1.0 (@ kemitchell)
  • 2b78288d4 add core to default inclusion tests in pack (@ zkat)
  • 9b8b6513f npm.community#5382 npm-packlist@1.4.1: Fixes bug where core/ directories were being suddenly excluded. (@ zkat)
• 6.9.0-next.0 - 2019-02-21
• 6.8.0 - 2019-02-13
• 6.8.0-next.2 - 2019-02-07
• 6.8.0-next.1 - 2019-02-06
• 6.8.0-next.0 - 2019-01-31
• 6.7.0 - 2019-01-23
• 6.6.0 - 2019-01-17
• 6.6.0-next.1 - 2019-01-10
• 6.6.0-next.0 - 2018-12-12
• 6.5.0 - 2018-12-10
• 6.5.0-next.0 - 2018-11-28
• 6.4.1 - 2018-08-29
• 6.4.1-next.0 - 2018-08-23
• 6.4.0 - 2018-08-15
• 6.4.0-next.0 - 2018-08-09
• 6.3.0 - 2018-08-02
• 6.3.0-next.0 - 2018-07-25
• 6.2.0 - 2018-07-14
• 6.2.0-next.1 - 2018-07-05
• 6.2.0-next.0 - 2018-06-29
• 6.1.0 - 2018-05-24
• 6.1.0-next.0 - 2018-05-17
• 6.0.1 - 2018-05-10
• 6.0.1-next.0 - 2018-05-04
• 6.0.0 - 2018-04-24
• 6.0.0-next.2 - 2018-04-21
• 6.0.0-next.1 - 2018-04-13
• 6.0.0-next.0 - 2018-03-23
• 5.10.0 - 2018-05-11
• 5.10.0-next.1 - 2018-05-07
• 5.10.0-next.0 - 2018-04-13
• 5.9.0-next.0 - 2018-03-23
• 5.8.0 - 2018-03-23
• 5.8.0-next.0 - 2018-03-13
• 5.7.1 - 2018-02-22
• 5.7.0 - 2018-02-21
• 5.6.0 - 2017-11-28

from npm GitHub release notes

Commit messages

Package name: npm

The new version differs by 250 commits.

• ba7f146 6.10.1
• 5f0064d doc: update semver documentation
• 9a693d0 6.10.1-next.2
• 6ec8233 update AUTHORS
• 1db001f docs: changelog for 6.10.1
• ff5458a Replaced var with const for root.js
• 7c92800 Replace var with const for unbuild.js
• f52673f build: use /usr/bin/env to load bash
• a2ea7f9 semver@5.7.0
• 42d22e8 libnpm@3.0.0
• 7716ba9 libcipm@4.0.0
• c0d6113 npm-lifecycle@3.0.0
• ef4445a node-gyp@5.0.2
• c2a4aed 6.10.1-next.1
• 61b2beb update AUTHORS
• a7f1665 docs: add chownr@1.1.2 to 6.10.1 changelog
• f6164d5 chownr@1.1.2
• 08e0fa6 6.10.1-next.0
• 900e8f6 update AUTHORS
• 3013a2d doc: changelog for 6.10.1
• 027742e mailmap: Fix 'isaacs' for the gen-changelog script
• 172f9ac fix-xmas-underline
• a81a8c4 install: improve isOnly(Dev,Optional)
• 8dfbe86 readable-stream@3.4.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Insecure Randomness