[Snyk] Security upgrade npm from 5.6.0 to 7.21.0 #89
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ft/message-board/message-board-web/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
🎉 Snyk hasn't found any issues so far.✅ code/snyk check is completed. No issues were found. (View Details) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
openshift/message-board/message-board-web/package.jsonopenshift/message-board/message-board-web/package-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-MINIMATCH-3050818
Release notes
Package name: npm
-
7.21.0 - 2021-08-19
- fix: account for "licence" as spelling variant
- fix: treat top-level global packages as "top" nodes
- fix: load global symlinks implicitly as file: deps
- fix(reify): debug crash when extracting into symlink
- fix: node_modules must be a directory
- fix: make Node.children() a case-insensitive Map
- fix(reify): verify existing deps in nm are dirs
- fix: prune dirCache properly for unicode, windows
- fix: reserve paths properly for unicode, windows
- fix: prevent path escape using drive-relative paths
- fix: drop dirCache for symlink on all platforms
- update license list to v3.14
-
7.20.6 - 2021-08-12
- fix: reserve paths case-insensitively
- fix: normalize paths on Windows systems
- fix: better error message for duplicate workspace names
- [#3632] Fix "cannot read property path of null" error in 'npm dedupe'
- fix(shrinkwrap): always set name on the root node
-
7.20.5 - 2021-08-05
- fix: start retrying immediately, stop after 60 seconds
-
7.20.4 - 2021-08-05
- fix: properly handle top-level files when using strip
- Avoid an unlikely but theoretically possible redos
- WriteEntry backpressure
- fix(unpack): always resume parsing after an entry error
- fix(unpack): fix hang on large file on open() fail
- fix: properly prefix hard links
- Clear progress bar which overlays confirm prompt
- fix: start retrying immediately, stop after 10 attempts
-
7.20.3 - 2021-07-29
- Refactor ideal tree building to handle more complicated
- Do not modify ideal tree while checking if a peerSet can be placed.
-
7.20.2 - 2021-07-27
- fix: strip absolute paths more comprehensively
- fix: Remove paths from dirCache when no longer dirs
- add missing dependency to package.json
-
7.20.1 - 2021-07-22
- feat: load directories.bin as a bin object
- Drop support for node 6 and 8
-
7.20.0 - 2021-07-15
- fixes running prepare scripts for workspaces on reify
- ensure pacote always compares correct integrity values
- fix: retry socket timeout failures
- fix: clean up invalid indexes and content after cacache read errors
- fix: correctly handle error events that happen after response events
- fix: show more actionable messages for git pathspec errors
- fix: include all dep types when building for prepare
- fix: do not set mtime when unpacking
-
7.19.1 - 2021-07-01
-
7.19.0 - 2021-06-24
-
7.18.1 - 2021-06-17
-
7.18.0 - 2021-06-17
-
7.17.0 - 2021-06-10
-
7.16.0 - 2021-06-03
-
7.15.1 - 2021-05-31
-
7.15.0 - 2021-05-27
-
7.14.0 - 2021-05-20
-
7.13.0 - 2021-05-13
-
7.12.1 - 2021-05-10
-
7.12.0 - 2021-05-06
-
7.11.2 - 2021-04-29
-
7.11.1 - 2021-04-23
-
7.11.0 - 2021-04-23
-
7.10.0 - 2021-04-15
-
7.9.0 - 2021-04-08
-
7.8.0 - 2021-04-01
-
7.7.6 - 2021-03-29
-
7.7.5 - 2021-03-25
-
7.7.4 - 2021-03-24
-
7.7.3 - 2021-03-24
-
7.7.2 - 2021-03-24
-
7.7.1 - 2021-03-24
-
7.7.0 - 2021-03-23
-
7.6.3 - 2021-03-11
-
7.6.2 - 2021-03-09
-
7.6.1 - 2021-03-04
-
7.6.0 - 2021-02-25
-
7.5.6 - 2021-02-22
-
7.5.5 - 2021-02-22
-
7.5.4 - 2021-02-12
-
7.5.3 - 2021-02-08
-
7.5.2 - 2021-02-02
-
7.5.1 - 2021-02-01
-
7.5.0 - 2021-01-28
-
7.4.3 - 2021-01-21
-
7.4.2 - 2021-01-15
-
7.4.1 - 2021-01-14
-
7.4.0 - 2021-01-07
-
7.3.0 - 2020-12-18
-
7.2.0 - 2020-12-15
-
7.1.2 - 2020-12-11
-
7.1.1 - 2020-12-09
-
7.1.0 - 2020-12-04
-
7.0.15 - 2020-11-27
-
7.0.14 - 2020-11-23
-
7.0.13 - 2020-11-20
-
7.0.12 - 2020-11-17
-
7.0.11 - 2020-11-13
-
7.0.10 - 2020-11-10
-
7.0.9 - 2020-11-06
-
7.0.8 - 2020-11-03
-
7.0.7 - 2020-10-30
-
7.0.6 - 2020-10-27
-
7.0.5 - 2020-10-23
-
7.0.4 - 2020-10-23
-
7.0.3 - 2020-10-20
-
7.0.2 - 2020-10-16
-
7.0.1 - 2020-10-15
-
7.0.0 - 2020-10-13
-
7.0.0-rc.4 - 2020-10-09
-
7.0.0-rc.3 - 2020-10-06
-
7.0.0-rc.2 - 2020-10-02
-
7.0.0-rc.1 - 2020-10-02
-
7.0.0-rc.0 - 2020-10-01
-
7.0.0-beta.13 - 2020-09-29
-
7.0.0-beta.12 - 2020-09-22
-
7.0.0-beta.11 - 2020-09-16
-
7.0.0-beta.10 - 2020-09-08
-
7.0.0-beta.9 - 2020-09-04
-
7.0.0-beta.8 - 2020-09-01
-
7.0.0-beta.7 - 2020-08-25
-
7.0.0-beta.6 - 2020-08-21
-
7.0.0-beta.5 - 2020-08-18
-
7.0.0-beta.4 - 2020-08-11
-
7.0.0-beta.3 - 2020-08-10
-
7.0.0-beta.2 - 2020-08-07
-
7.0.0-beta.1 - 2020-08-05
-
7.0.0-beta.0 - 2020-08-04
-
6.14.18 - 2022-12-21
-
6.14.17 - 2022-04-28
-
6.14.16 - 2022-01-19
-
6.14.15 - 2021-08-24
-
6.14.14 - 2021-07-27
-
6.14.13 - 2021-04-12
-
6.14.12 - 2021-03-25
-
6.14.11 - 2021-01-08
-
6.14.10 - 2020-12-18
-
6.14.9 - 2020-11-20
-
6.14.8 - 2020-08-17
-
6.14.7 - 2020-07-21
-
6.14.6 - 2020-07-07
-
6.14.5 - 2020-05-04
-
6.14.4 - 2020-03-25
-
6.14.3 - 2020-03-19
-
6.14.2 - 2020-03-03
-
6.14.1 - 2020-02-27
-
6.14.0 - 2020-02-25
-
6.13.7 - 2020-01-28
-
6.13.6 - 2020-01-09
-
6.13.5 - 2020-01-09
-
6.13.4 - 2019-12-11
-
6.13.3 - 2019-12-10
-
6.13.2 - 2019-12-03
-
6.13.1 - 2019-11-18
-
6.13.0 - 2019-11-05
-
6.12.1 - 2019-10-29
-
6.12.0 - 2019-10-08
-
6.12.0-next.0 - 2019-09-26
-
6.11.3 - 2019-09-03
-
6.11.2 - 2019-08-22
-
6.11.1 - 2019-08-21
-
6.11.0 - 2019-08-20
-
6.10.3 - 2019-08-06
-
6.10.2 - 2019-07-23
-
6.10.2-next.3 - 2019-07-22
-
6.10.2-next.2 - 2019-07-21
-
6.10.2-next.1 - 2019-07-17
-
6.10.2-next.0 - 2019-07-16
-
6.10.1 - 2019-07-11
-
6.10.1-next.2 - 2019-07-10
-
6.10.1-next.1 - 2019-07-03
-
6.10.1-next.0 - 2019-07-03
-
6.10.0 - 2019-07-03
-
6.10.0-next.0 - 2019-07-01
-
6.9.2 - 2019-06-27
-
6.9.1-next.0 - 2019-03-20
-
6.9.0 - 2019-03-06
-
6.9.0-next.0 - 2019-02-21
-
6.8.0 - 2019-02-13
-
6.8.0-next.2 - 2019-02-07
-
6.8.0-next.1 - 2019-02-06
-
6.8.0-next.0 - 2019-01-31
-
6.7.0 - 2019-01-23
-
6.6.0 - 2019-01-17
-
6.6.0-next.1 - 2019-01-10
-
6.6.0-next.0 - 2018-12-12
-
6.5.0 - 2018-12-10
-
6.5.0-next.0 - 2018-11-28
-
6.4.1 - 2018-08-29
-
6.4.1-next.0 - 2018-08-23
-
6.4.0 - 2018-08-15
-
6.4.0-next.0 - 2018-08-09
-
6.3.0 - 2018-08-02
-
6.3.0-next.0 - 2018-07-25
-
6.2.0 - 2018-07-14
-
6.2.0-next.1 - 2018-07-05
-
6.2.0-next.0 - 2018-06-29
-
6.1.0 - 2018-05-24
-
6.1.0-next.0 - 2018-05-17
-
6.0.1 - 2018-05-10
-
6.0.1-next.0 - 2018-05-04
-
6.0.0 - 2018-04-24
-
6.0.0-next.2 - 2018-04-21
-
6.0.0-next.1 - 2018-04-13
-
6.0.0-next.0 - 2018-03-23
-
5.10.0 - 2018-05-11
-
5.10.0-next.1 - 2018-05-07
-
5.10.0-next.0 - 2018-04-13
-
5.9.0-next.0 - 2018-03-23
-
5.8.0 - 2018-03-23
-
5.8.0-next.0 - 2018-03-13
-
5.7.1 - 2018-02-22
-
5.7.0 - 2018-02-21
-
5.6.0 - 2017-11-28
from npm GitHub release notesv7.21.0 (2021-08-19)
FEATURES
ff34d6cd6#3592 feat(cache): initial implementation of ls and rm (@ fritzy)BUG FIXES
32e88c943#3640 fix(did-you-mean): switch levenshtein libraries (@ wraithgar)487731cd5#3658 fix(logging): sanitize logged argv (@ wraithgar)68a19bb02#3661 fix(error-message): look for er.path not er.file (@ wraithgar)DEPENDENCIES
df57f0d53@ npmcli/run-script@1.8.68183976cfnormalize-package-data@3.0.3:f07772401init-package-json@2.0.4991a3bd39read-package-json@4.0.0e9e5ee560@ npmcli/arborist@2.8.2:b6f40b5f8tar@6.1.10:218cacadcis-core-module@2.6.07ac621cd1smart-buffer@4.2.094f92de13make-fetch-happen@9.0.571cdfd898spdx-license-ids@3.0.10:v7.20.6 (2021-08-12)
DEPENDENCIES
5bebf280ftar@6.1.85d89de44dtar@6.1.7:a1bdbea97#3569 remove byte-size (@ wraithgar)61782fa85@ npmcli/map-workspaces@1.0.4:b88f770fa@ npmcli/arborist@2.8.1:DOCUMENTATION
001f2c1b7#3621 fix(docs): do not include certain files (@ AkiJoey)d1812f1a6#3630 fix(docs): update npm-publish access flag info (@ austincho)d5a099c7b#3615 fix(readme): add nvm-windows to installers links (@ Yash-Singh1)v7.20.5 (2021-08-05)
DEPENDENCIES
44377738egraceful-fs@4.2.8v7.20.4 (2021-08-05)
BUG FIXES
6a8086e25#3463 fix(tests): move more tests to use real npm (@ wraithgar)DEPENDENCIES
15fae4941tar@6.1.6:745326de0libnpmexec@2.0.1:e82bcd4e8graceful-fs@4.2.7:v7.20.3 (2021-07-29)
BUG FIXES
66dc5f94d#3588 update eresolve explanations for new arborist data provided99575acab#3591 fix(node_modules): remove duplicated file (@ wraithgar)DEPENDENCIES
97cb5ec31@ npmcli/arborist@2.8.0:peerDependencies use cases.
7db1a0a26chore(deps):mime-types@1.49.0mime-db@1.49.0v7.20.2 (2021-07-27)
DEPENDENCIES
f5aab1f88tar@6.1.1ce8fb0f69tar@6.1.2ced85087agauge@3.0.1BUG FIXES
009ad1e68#3561 fix(exit-handler): always warn if not called (@ wraithgar)eb67054c8#3563 fix(config): consolidate use of npm.color (@ wraithgar)DOCUMENTATION
a014f3d28#3562 fix(docs): typo innpm cmddocs (@ wraithgar)1fe1c9b74#3523 fix(docs): updated policy urls (@ DemiraDimitrova)DEPENDENCIES
d7f29e8c9read-package-json-fast@2.0.3:b1fefa73dnpmlog@5.0.0b6e09971aremove ignored files from node_modules ([@ Ruy Adorno](https://github.com/Ruy Adorno))cf737c505debug@4.3.2v7.20.0 (2021-07-15)
FEATURES
f17aca5cd#3487 feat: addnpm pkgcommand (@ ruyadorno)98905ae37#3471 feat(config): introducelocationparameter (@ nlf)BUG FIXES
4755b0728#3498 friendlier errors forERR_SOCKET_TIMEOUT(@ nlf)3ecf19cdc#3508 fix(config): fix noproxy (@ wraithgar)c3bd10e46#3499 fix(update-notifier): don't force black background (@ wraithgar)89483e888#3497 fix(usage): better audit/boolean flag usage output (@ wraithgar)feeb8e42a#3495 fix(publish): obey --ignore-scripts flag (@ wraithgar)103c8c3ef#3479 chore(exit): log any un-ended timings (@ wraithgar)efc4313c2#3482 chore(refactor): refactor exit handler and tests (@ wraithgar)d8eb49b70#3540 fix(bundle-and-ignore): case sensitivity cleanup (@ wraithgar)DOCUMENTATION
339145f64#3491 fix(docs): clarify what install type gets.bin(@ wraithgar)74c99755e#3494 fix(docs): add npm update example (@ wraithgar)801a52330#3542 fix(docs): correct Node.js JavaScript stylings (@ relrelb)791416713#3546 fix(docs): how to see background script output (@ cinderblock)DEPENDENCIES
691816f3d@ npmcli/arborist@2.7.1b9597e944make-fetch-happen@9.0.4f573e7c56minipass-fetch@1.3.42d5797ea0pacote@11.3.56.14.14 (2021-07-27)
DEPENDENCIES
4627c0670tar@4.4.15Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)