[Snyk] Security upgrade npm from 5.6.0 to 10.0.0

[Omrisnyk]

Snyk has created this PR to fix 23 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• openshift/message-board/message-board-web/package.json
• openshift/message-board/message-board-web/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Uninitialized Memory Exposure npm:http-proxy-agent:20180406	257
	Uninitialized Memory Exposure npm:https-proxy-agent:20180402	257
	Arbitrary File Overwrite SNYK-JS-TAR-174125	238
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	221
	Prototype Pollution SNYK-JS-Y18N-1021887	188
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	159
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	142
	Prototype Pollution SNYK-JS-MINIMIST-559764	137
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	131
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	121
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	119
	Arbitrary File Write SNYK-JS-TAR-1579147	97
	Arbitrary File Write SNYK-JS-TAR-1579152	97
	Arbitrary File Write SNYK-JS-TAR-1579155	97
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	95
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	95
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	63
	Prototype Pollution SNYK-JS-MINIMIST-2429795	60
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	45
	Regular Expression Denial of Service (ReDoS) npm:ssri:20180214	45
	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	41
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	40

Release notes

Package name: npm

• 10.0.0 - 2023-08-31
  

  10.0.0 (2023-08-31)

  ⚠️ BREAKING CHANGES

  • support for node 14 and 16 has been dropped. npm now supports node ^18.17.0 || >=20.5.0
  • npm no longer treats missing scripts as a special case in workspace mode. Use if-present to ignore missing scripts.
  • @ npmcli/agent is now used as the agent for network requests
  • the ci-name config has been removed
  • the hard-coded hashAlgorithm value is no longer being passed through flatOptions
  • the unused tmp config has been removed
  • the hard-coded metrics-registry config has been removed.
  • libnpmpublish will no longer attempt a single automatic retry on 409 responses during publish.
  • support for the strict RFC 8909 mode has been removed. this mode was only enabled when the environ NPM_PACKAGE_ARG_8909_STRICT=1 was set.

  Bug Fixes

  • e0d3edd #6641 remove "ci-name" config (@ wraithgar)
  • 0a71ebb #6641 stop retrying on 409 conflict (@ wraithgar)
  • 9344167 #135 remove strict 8909 mode (@ wraithgar)
  • b34ee65 #6706 set objectMode for search filter stream (@ lukekarrys)
  • f916d33 #6715 allow searching packages with no description (@ lukekarrys)
  • 0318f44 #6641 remove implicit if-present logic from run-script workspaces (@ wraithgar)
  • db91a77 #6641 remove "hashAlgorithm" from flatOptions (@ wraithgar)
  • ece52a3 #6641 remove "tmp" config (@ wraithgar)
  • 1f767aa #6641 remove metric-registry config (@ wraithgar)

  Documentation

  • c736b62 #6686 add missing bugs key in package-json.md (#6686) (@ airscripts)
  • c1e01d9 #6680 Update package-json.md (#6680) (@ p-chan, @ ljharb)
  • e5338af #6672 remove link to deprecated npm set-script command (#6672) (@ emmanuel-ferdman)

  Dependencies

  • 5ab3f7e #6706 @ npmcli/git@5.0.3
  • eb41977 #6706 @ npmcli/run-script@7.0.1
  • f30c9e3 #6706 @ npmcli/git@5.0.2
  • f334466 #6706 pacote@17.0.4
  • bb63bf9 #6706 @ npmcli/run-script@7.0.0
  • 75642c6 #6706 @ npmcli/promise-spawn@7.0.0
  • dbb18f4 #6706 @ npmcli/agent@2.1.0
  • 812aa6d #6706 sigstore@2.1.0
  • 7fab9d3 #6706 @ sigstore/tuf@2.1.0
  • 12337cc #6706 which@4.0.0
  • b1ad3ad #6706 npm-packlist@8.0.0
  • 43831d0 #6706 pacote@17.0.3
  • 44e8fec #6706 pacote@17.0.2
  • 0d2e2c9 #6706 bump sigstore from 1.7.0 to 2.0.0
  • dbd5885 #6706 npm-profile@9.0.0
  • 2ee0fb3 #6706 npm-registry-fetch@16.0.0
  • 81ff4df #6706 pacote@17.0.1
  • 2b23d44 #6706 hoist read-package-json@7.0.0
  • 325ed05 #6706 hoist normalize-package-data@6.0.0
  • c3a1a02 #6706 @ npmcli/metavuln-calculator@7.0.0
  • f1dd130 #6706 @ npmcli/git@5.0.1
  • 10792ea #6706 init-package-json@6.0.0
  • cac0725 #6706 pacote@17.0.0
  • fd8beaf #6706 npm-pick-manifest@9.0.0
  • 65f435e #6706 hoist lru-cache@10.0.1
  • c784b57 #6706 npm-package-arg@11.0.0
  • d6b1790 #6706 normalize-package-data@6.0.0
  • 2f03fb9 #6706 make-fetch-happen@13.0.0
  • 729e893 #6706 hosted-git-info@7.0.0
  • 7af81c7 #6706 cacache@18.0.0
  • b0849ab #6706 @ npmcli/package-json@5.0.0
  • c9587d7 #6706 @ npmcli/git@5.0.0
  • e28d426 #6706 minipass-fetch@3.0.4
  • 61e9b00 #6706 @ npmcli/metavuln-calculator@6.0.1
  • 2c5542d #6706 minipass@7.0.3
  • ede7f5e #6706 glob@10.3.3
  • 4c9eb17 #6706 npm-install-checks@6.2.0
  • 88ece81 #6706 npm-pick-manifest@8.0.2
  • 9117a4f #6706 ssri@10.0.5
  • 45f8d6f #6706 make-fetch-happen@12.0.0
  • f6f6a18 #6706 fs-minipass@3.0.3
  • 5eea975 #6706 cacache@17.1.4
  • ca33c98 #6706 @ npmcli/metavuln-calculator@6.0.0
  • 7be541a #6706 npm-profile@8.0.0
  • edbc25a #6706 pacote@16.0.0
  • 5d0d859 #6706 npm-registry-fetch@15.0.0
  • Workspace: @ npmcli/arborist@7.0.0
  • Workspace: @ npmcli/config@7.1.0
  • Workspace: libnpmaccess@8.0.0
  • Workspace: libnpmdiff@6.0.0
  • Workspace: libnpmexec@7.0.0
  • Workspace: libnpmfund@4.1.0
  • Workspace: libnpmhook@10.0.0
  • Workspace: libnpmorg@6.0.0
  • Workspace: libnpmpack@6.0.0
  • Workspace: libnpmpublish@9.0.0
  • Workspace: libnpmsearch@7.0.0
  • Workspace: libnpmteam@6.0.0
  • Workspace: libnpmversion@5.0.0
• 10.0.0-pre.1 - 2023-08-31
  

  10.0.0-pre.1 (2023-08-31)

  ⚠️ BREAKING CHANGES

  • support for node <=16.13 has been removed
  • support for node 14 has been removed
  • support for node 14 has been removed
  • support for node 14 has been removed
  • support for node 14 has been removed
  • support for node 14 has been removed
  • support for node 14 has been removed
  • support for node 14 has been removed
  • support for node 14 has been removed
  • support for node 14 has been removed
  • support for node 14 has been removed

  Bug Fixes

  • b34ee65 #6706 set objectMode for search filter stream (@ lukekarrys)
  • 6b251b1 #6706 drop node 16.13.x support (@ lukekarrys)
  • d857c4a #6706 drop node14 support (@ lukekarrys)
  • 37a99eb #6706 drop node14 support (@ lukekarrys)
  • ee7292e #6706 drop node14 support (@ lukekarrys)
  • 8b0e755 #6706 drop node14 support (@ lukekarrys)
  • 5c8c6cc #6706 drop node14 support (@ lukekarrys)
  • d431647 #6706 drop node14 support (@ lukekarrys)
  • b6f2205 #6706 drop node14 support (@ lukekarrys)
  • 4caedd0 #6706 drop node14 support (@ lukekarrys)
  • 355bac8 #6706 drop node14 support (@ lukekarrys)
  • e3a377d #6706 drop node14 support (@ lukekarrys)
  • f916d33 #6715 allow searching packages with no description (@ lukekarrys)

  Documentation

  • c736b62 #6686 add missing bugs key in package-json.md (#6686) (@ airscripts)
  • c1e01d9 #6680 Update package-json.md (#6680) (@ p-chan, @ ljharb)

  Dependencies

  • 5ab3f7e #6706 @ npmcli/git@5.0.3
  • eb41977 #6706 @ npmcli/run-script@7.0.1
  • f30c9e3 #6706 @ npmcli/git@5.0.2
  • f334466 #6706 pacote@17.0.4
  • bb63bf9 #6706 @ npmcli/run-script@7.0.0
  • 75642c6 #6706 @ npmcli/promise-spawn@7.0.0
  • dbb18f4 #6706 @ npmcli/agent@2.1.0
  • 812aa6d #6706 sigstore@2.1.0
  • 7fab9d3 #6706 @ sigstore/tuf@2.1.0
  • 12337cc #6706 which@4.0.0
  • b1ad3ad #6706 npm-packlist@8.0.0
  • 43831d0 #6706 pacote@17.0.3
  • 44e8fec #6706 pacote@17.0.2
  • 0d2e2c9 #6706 bump sigstore from 1.7.0 to 2.0.0
  • dbd5885 #6706 npm-profile@9.0.0
  • 2ee0fb3 #6706 npm-registry-fetch@16.0.0
  • 81ff4df #6706 pacote@17.0.1
  • 2b23d44 #6706 hoist read-package-json@7.0.0
  • 325ed05 #6706 hoist normalize-package-data@6.0.0
  • c3a1a02 #6706 @ npmcli/metavuln-calculator@7.0.0
  • f1dd130 #6706 @ npmcli/git@5.0.1
  • 10792ea #6706 init-package-json@6.0.0
  • cac0725 #6706 pacote@17.0.0
  • fd8beaf #6706 npm-pick-manifest@9.0.0
  • 65f435e #6706 hoist lru-cache@10.0.1
  • c784b57 #6706 npm-package-arg@11.0.0
  • d6b1790 #6706 normalize-package-data@6.0.0
  • 2f03fb9 #6706 make-fetch-happen@13.0.0
  • 729e893 #6706 hosted-git-info@7.0.0
  • 7af81c7 #6706 cacache@18.0.0
  • b0849ab #6706 @ npmcli/package-json@5.0.0
  • c9587d7 #6706 @ npmcli/git@5.0.0
  • e28d426 #6706 minipass-fetch@3.0.4
  • 61e9b00 #6706 @ npmcli/metavuln-calculator@6.0.1
  • 2c5542d #6706 minipass@7.0.3
  • ede7f5e #6706 glob@10.3.3
  • 4c9eb17 #6706 npm-install-checks@6.2.0
  • 88ece81 #6706 npm-pick-manifest@8.0.2
  • 9117a4f #6706 ssri@10.0.5
  • 45f8d6f #6706 make-fetch-happen@12.0.0
  • f6f6a18 #6706 fs-minipass@3.0.3
  • 5eea975 #6706 cacache@17.1.4
  • ca33c98 #6706 @ npmcli/metavuln-calculator@6.0.0
  • 7be541a #6706 npm-profile@8.0.0
  • edbc25a #6706 pacote@16.0.0
  • 5d0d859 #6706 npm-registry-fetch@15.0.0
  • Workspace: @ npmcli/arborist@7.0.0-pre.0
  • Workspace: @ npmcli/config@7.0.1
  • Workspace: libnpmaccess@8.0.0-pre.0
  • Workspace: libnpmdiff@6.0.0-pre.0
  • Workspace: libnpmexec@7.0.0-pre.0
  • Workspace: libnpmfund@4.0.20
  • Workspace: libnpmhook@10.0.0-pre.0
  • Workspace: libnpmorg@6.0.0-pre.0
  • Workspace: libnpmpack@6.0.0-pre.0
  • Workspace: libnpmpublish@9.0.0-pre.0
  • Workspace: libnpmsearch@7.0.0-pre.0
  • Workspace: libnpmteam@6.0.0-pre.0
  • Workspace: libnpmversion@5.0.0-pre.0
• 10.0.0-pre.0 - 2023-07-26
• 9.9.4 - 2024-12-09
• 9.9.3 - 2024-02-28
• 9.9.2 - 2023-11-15
• 9.9.1 - 2023-11-07
• 9.9.0 - 2023-10-06
• 9.8.1 - 2023-07-19
• 9.8.0 - 2023-07-05
• 9.7.2 - 2023-06-21
• 9.7.1 - 2023-06-07
• 9.7.0 - 2023-05-31
• 9.6.7 - 2023-05-18
• 9.6.6 - 2023-05-03
• 9.6.5 - 2023-04-19
• 9.6.4 - 2023-04-05
• 9.6.3 - 2023-03-30
• 9.6.2 - 2023-03-15
• 9.6.1 - 2023-03-08
• 9.6.0 - 2023-03-02
• 9.5.1 - 2023-02-22
• 9.5.0 - 2023-02-15
• 9.4.2 - 2023-02-07
• 9.4.1 - 2023-02-02
• 9.4.0 - 2023-01-25
• 9.3.1 - 2023-01-17
• 9.3.0 - 2023-01-12
• 9.2.0 - 2022-12-07
• 9.1.3 - 2022-11-30
• 9.1.2 - 2022-11-16
• 9.1.1 - 2022-11-09
• 9.1.0 - 2022-11-02
• 9.0.1 - 2022-10-26
• 9.0.0 - 2022-10-19
• 9.0.0-pre.6 - 2022-10-19
• 9.0.0-pre.5 - 2022-10-13
• 9.0.0-pre.4 - 2022-10-05
• 9.0.0-pre.3 - 2022-09-30
• 9.0.0-pre.2 - 2022-09-23
• 9.0.0-pre.1 - 2022-09-14
• 9.0.0-pre.0 - 2022-09-12
• 8.19.4 - 2023-02-14
• 8.19.3 - 2022-11-03
• 8.19.2 - 2022-09-13
• 8.19.1 - 2022-09-01
• 8.19.0 - 2022-08-31
• 8.18.0 - 2022-08-17
• 8.17.0 - 2022-08-10
• 8.16.0 - 2022-08-03
• 8.15.1 - 2022-07-27
• 8.15.0 - 2022-07-20
• 8.14.0 - 2022-07-13
• 8.13.2 - 2022-06-29
• 8.13.1 - 2022-06-23
• 8.13.0 - 2022-06-22
• 8.12.2 - 2022-06-15
• 8.12.1 - 2022-06-02
• 8.12.0 - 2022-06-01
• 8.11.0 - 2022-05-25
• 8.10.0 - 2022-05-11
• 8.9.0 - 2022-05-04
• 8.8.0 - 2022-04-27
• 8.7.0 - 2022-04-14
• 8.6.0 - 2022-03-31
• 8.5.5 - 2022-03-17
• 8.5.4 - 2022-03-10
• 8.5.3 - 2022-03-03
• 8.5.2 - 2022-02-24
• 8.5.1 - 2022-02-17
• 8.5.0 - 2022-02-10
• 8.4.1 - 2022-02-03
• 8.4.0 - 2022-01-27
• 8.3.2 - 2022-01-20
• 8.3.1 - 2022-01-13
• 8.3.0 - 2021-12-09
• 8.2.0 - 2021-12-02
• 8.1.4 - 2021-11-18
• 8.1.3 - 2021-11-04
• 8.1.2 - 2021-10-28
• 8.1.1 - 2021-10-21
• 8.1.0 - 2021-10-14
• 8.0.0 - 2021-10-07
• 7.24.2 - 2021-10-04
• 7.24.1 - 2021-09-23
• 7.24.0 - 2021-09-16
• 7.23.0 - 2021-09-09
• 7.22.0 - 2021-09-02
• 7.21.1 - 2021-08-26
• 7.21.0 - 2021-08-19
• 7.20.6 - 2021-08-12
• 7.20.5 - 2021-08-05
• 7.20.4 - 2021-08-05
• 7.20.3 - 2021-07-29
• 7.20.2 - 2021-07-27
• 7.20.1 - 2021-07-22
• 7.20.0 - 2021-07-15
• 7.19.1 - 2021-07-01
• 7.19.0 - 2021-06-24
• 7.18.1 - 2021-06-17
• 7.18.0 - 2021-06-17
• 7.17.0 - 2021-06-10
• 7.16.0 - 2021-06-03
• 7.15.1 - 2021-05-31
• 7.15.0 - 2021-05-27
• 7.14.0 - 2021-05-20
• 7.13.0 - 2021-05-13
• 7.12.1 - 2021-05-10
• 7.12.0 - 2021-05-06
• 7.11.2 - 2021-04-29
• 7.11.1 - 2021-04-23
• 7.11.0 - 2021-04-23
• 7.10.0 - 2021-04-15
• 7.9.0 - 2021-04-08
• 7.8.0 - 2021-04-01
• 7.7.6 - 2021-03-29
• 7.7.5 - 2021-03-25
• 7.7.4 - 2021-03-24
• 7.7.3 - 2021-03-24
...

[Omrisnyk]

⚠️ Snyk checks are incomplete. No issues have been found so far.

⚠️ security/snyk check encountered an error. (View Details)

⚠️ license/snyk check encountered an error. (View Details)

✅ code/snyk check is complete. No issues have been found. (View Details)