[Snyk] Upgrade npm from 6.0.0 to 6.11.1

[snyk-bot]

Snyk have raised this PR to upgrade npm from 6.0.0 to 6.11.1.

• The recommended version is 43 versions ahead of your current version.
• The recommended version was released 9 days ago, on 2019-08-21.

The recommended version fixes:

Severity	Title	Issue ID
	Arbitrary File Overwrite	SNYK-JS-FSTREAM-174725
	Arbitrary File Overwrite	SNYK-JS-TAR-174125
	Arbitrary File Overwrite	SNYK-JS-TAR-174125
	Prototype Pollution	npm:deep-extend:20180409
	Prototype Pollution	npm:extend:20180424
	Uninitialized Memory Exposure	npm:https-proxy-agent:20180402
	Time of Check Time of Use (TOCTOU)	npm:chownr:20180731
	Insecure Randomness	npm:cryptiles:20180710
	Prototype Pollution	npm:lodash:20180130
	Uninitialized Memory Exposure	npm:stringstream:20180511

Release notes

• 6.11.1 - 2019-08-21

  6.11.1 (2019-08-20):

  Fix a regression for windows command shim syntax.

  • 37db29647 cmd-shim@3.0.2 (@isaacs)
• 6.11.0 - 2019-08-20

  v6.11.0 (2019-08-20):

  A few meaty bugfixes, and introducing peerDependenciesMeta.

  FEATURES

  • a12341088 #224 Implements peerDependenciesMeta (@arcanis)
  • 2f3b79bba #234 add new forbidden 403 error code (@claudiahdz)

  BUGFIXES

  • 24acc9fc8 and 45772af0d #217 npm.community#8863 npm.community#9327 do not descend into directory deps' child modules, fix shrinkwrap files that inappropriately list child nodes of symlink packages (@isaacs and @salomvary)
  • 50cfe113d #229 fixed typo in semver doc (@gall0ws)
  • e8fb2a1bd #231 Fix spelling mistakes in CHANGELOG-3.md (@XhmikosR)
  • 769d2e057 npm/uid-number#7 Better error on invalid --user/--group configs. This addresses the issue when people fail to install binary packages on Docker and other environments where there is no 'nobody' user. (@isaacs)
  • 8b43c9624 nodejs/node#28987 npm.community#6032 npm.community#6658 npm.community#6069 npm.community#9323 Fix the regression where random config values in a .npmrc file are not passed to lifecycle scripts, breaking build processes which rely on them. (@isaacs)
  • 8b85eaa47 save files with inferred ownership rather than relying on SUDO_UID and SUDO_GID. (@isaacs)
  • b7f6e5f02 Infer ownership of shrinkwrap files (@isaacs)
  • 54b095d77 #235 Add spec to dist-tag remove function (@theberbie)

  DEPENDENCIES

  • dc8f9e52f pacote@9.5.7: Infer the ownership of all unpacked files in node_modules, so that we never have user-owned files in root-owned folders, or root-owned files in user-owned folders. (@isaacs)
  • bb33940c3 cmd-shim@3.0.0:
    • 9c93ac3 #2 npm#3380 Handle environment variables properly (@basbossink)
    • 2d277f8 #25 #36 #35 Fix 'no shebang' case by always providing $basedir in shell script (@igorklopov)
    • adaf20b #26 Fix $* causing an error when arguments contain parentheses (@satazor)
    • 49f0c13 #30 Fix paths for MSYS/MINGW bash (@dscho)
    • 51a8af3 #34 Add proper support for PowerShell (@ExE-Boss)
    • 4c37e04 #10 Work around quoted batch file names (@isaacs)
  • a4e279544 npm-lifecycle@3.1.3 (@isaacs):
    • fail properly if uid-number raises an error
  • 7086a1809 libcipm@4.0.3 (@isaacs)
  • 8845141f9 read-package-json@2.1.0 (@isaacs)
  • 51c028215 bin-links@1.1.3 (@isaacs)
  • 534a5548c read-cmd-shim@1.0.3 (@isaacs)
  • 3038f2fd5 gentle-fs@2.2.1 (@isaacs)
  • a609a1648 graceful-fs@4.2.2 (@isaacs)
  • f0346f754 cacache@12.0.3 (@isaacs)
  • ca9c615c8 npm-pick-manifest@3.0.0 (@isaacs)
  • b417affbf pacote@9.5.8 (@isaacs)

  TESTS

  • b6df0913c #228 Proper handing of /usr/bin/node lifecycle-path test (@olivr70)
  • aaf98e88c npm-registry-mock@1.3.0 (@isaacs)
• 6.10.3 - 2019-08-06

  v6.10.3 (2019-08-06):

  BUGFIXES

  • 27cccfbda #223 vulns → vulnerabilities in npm audit output (@sapegin)
  • d5e865eb7 #222 #226 install, doctor: don't crash if registry unset (@dmitrydvorkin, @isaacs)
  • 5b3890226 #227 npm.community#9167 Handle unhandledRejections, tell user what to do when encountering an EACCES error in the cache. (@isaacs)

  DEPENDENCIES

  • 77516df6e licensee@7.0.3 (@isaacs)
  • ceb993590 query-string@6.8.2 (@isaacs)
  • 4050b9189 hosted-git-info@2.8.2
    • #46 #43 #47 #44 Add support for GitLab subgroups (@mterrel, @isaacs, @ybiquitous)
    • 3b1d629 #48 fix http protocol using sshurl by default (@fengmk2)
    • 5d4a8d7 ignore noCommittish on tarball url generation (@isaacs)
    • 1692435 use gist tarball url that works for anonymous gists (@isaacs)
    • d5cf830 Do not allow invalid gist urls (@isaacs)
    • e518222 Use LRU cache to prevent unbounded memory consumption (@iarna)
• 6.10.2 - 2019-07-23

  v6.10.2 (2019-07-23):

  tl;dr - Fixes several issues with the cache when npm is run as sudo on Unix systems.

  TESTING

  • 2a78b96f8 check test cache for root-owned files (@isaacs)
  • 108646ebc run sudo tests on Travis-CI (@isaacs)
  • cf984e946 set --no-esm tap flag (@isaacs)
  • 8e0a3100d add script to run tests and leave fixtures for inspection and debugging (@isaacs)

  BUGFIXES

  • 25f4f73f6 add a util for writing arbitrary files to cache This prevents metrics timing and debug logs from becoming root-owned. (@isaacs)
  • 2c61ce65d infer cache owner from parent dir in correct-mkdir util (@isaacs)
  • 235e5d6df ensure correct owner on cached all-packages metadata (@isaacs)
  • e2d377bb6 npm.community#8540 audit: report server error on failure (@isaacs)
  • 52576a39e #216 npm.community#5385 npm.community#6076 Fix npm ci with file: dependencies. Partially reverts #40/#86, recording dependencies of linked deps in order for npm ci to work. (@jfirebaugh)

  DEPENDENCIES

  • 0fefdee13 cacache@12.0.2 (@isaacs)
    • infer uid/gid instead of accepting as options, preventing the overwhelming majority of cases where root-owned files end up in the cache folder. (ac84d14) (@isaacs) (#1)
    • i18n: add another error message (676cb32) (@zkat)
  • e1d87a392 pacote@9.5.4 (@isaacs)
    • git: ensure stream failures are reported (7f07b5d) #1 (@lddubeau)
  • 3f035bf09 infer-owner@1.0.4 (@isaacs)
  • ba3283112 npm-registry-fetch@4.0.0 (@isaacs)
  • ee90c334d libnpm@3.0.1 (@isaacs)
  • 1e480c384 libnpmaccess@3.0.2 (@isaacs)
  • 7662ee850 libnpmhook@5.0.3 (@isaacs)
  • 1357fadc6 libnpmorg@1.0.1 (@isaacs)
  • a621b5cb6 libnpmsearch@2.0.2 (@isaacs)
  • 560cd31dd libnpmteam@1.0.2 (@isaacs)
  • de7ae0867 npm-profile@4.0.2 (@isaacs)
  • e95da463c libnpm@3.0.1 (@isaacs)
  • 554b641d4 npm-registry-fetch@4.0.0 (@isaacs)
  • 06772f34a node-gyp@5.0.3 (@isaacs)
  • 85358db80 npm-lifecycle@3.1.2 (@isaacs)
    • 051cf20 #26 fix switches for alternative shells on Windows (@gucong3000)
    • 3aaf954 #25 set only one PATH env variable for child process on Windows (@zkochan)
    • ea18ed2 #36 #11 #18 remove procInterrupt listener on SIGINT in procError (@mattshin)
    • 5523951 #29 #30 Use platform specific path casing if present (@mattezell)
• 6.10.2-next.3 - 2019-07-22

  6.10.2-next.3

• 6.10.2-next.2 - 2019-07-21

  v6.10.2-next.2

• 6.10.2-next.1 - 2019-07-17

  6.10.2-next.1

• 6.10.2-next.0 - 2019-07-16

  v6.10.2-next.0

• 6.10.1 - 2019-07-11

  BUGFIXES

  • 3cbd57712 fix(git): strip GIT environs when running git (@isaacs)
  • a81a8c4c4 #206 improve isOnly(Dev,Optional) (@larsgw)
  • 172f9aca6 #179 fix-xmas-underline (@raywu0123)
  • f52673fc7 #212 build: use /usr/bin/env to load bash (@rsmarples)

  DEPENDENCIES

  • ef4445ad3 #208 node-gyp@5.0.2 (@irega)
  • c0d611356 npm-lifecycle@3.0.0 (@isaacs)
  • 7716ba972 libcipm@4.0.0 (@isaacs)
  • 42d22e837 libnpm@3.0.0 (@isaacs)
  • a2ea7f9ff semver@5.7.0 (@isaacs)
  • 429226a5e lru-cache@5.1.1 (@isaacs)
  • 175670ea6 npm-registry-fetch@3.9.1: (@isaacs)
  • 0d0517f7f call-limit@1.1.1 (@isaacs)
  • 741400429 glob@7.1.4 (@isaacs)
  • bddd60e30 inherits@2.0.4 (@isaacs)
  • 4acf03fd1 libnpmsearch@2.0.1 (@isaacs)
  • c2bd17291 marked@0.6.3 (@isaacs)
  • 7f0221bb1 marked-man@0.6.0 (@isaacs)
  • f458fe7dd npm-lifecycle@2.1.1 (@isaacs)
  • 009752978 node-gyp@4.0.0 (@isaacs)
  • 0fa2bb438 query-string@6.8.1 (@isaacs)
  • b86450929 tar-stream@2.1.0 (@isaacs)
  • 25db00fe9 worker-farm@1.7.0 (@isaacs)
  • 8dfbe8610 readable-stream@3.4.0 (@isaacs)
  • f6164d5dd isaacs/chownr#21 isaacs/chownr#20 npm.community#7901 npm.community#8203 chownr@1.1.2 This fixes an EISDIR error from cacache on Darwin in Node versions prior to 10.6. (@isaacs)
• 6.10.1-next.2 - 2019-07-10

  6.10.1-next.2

• 6.10.1-next.1 - 2019-07-03
• 6.10.1-next.0 - 2019-07-03
• 6.10.0 - 2019-07-03
• 6.10.0-next.0 - 2019-07-01
• 6.9.2 - 2019-06-27
• 6.9.1-next.0 - 2019-03-20
• 6.9.0 - 2019-03-06
• 6.9.0-next.0 - 2019-02-21
• 6.8.0 - 2019-02-13
• 6.8.0-next.2 - 2019-02-07
• 6.8.0-next.1 - 2019-02-06
• 6.8.0-next.0 - 2019-01-31
• 6.7.0 - 2019-01-23
• 6.6.0 - 2019-01-17
• 6.6.0-next.1 - 2019-01-10
• 6.6.0-next.0 - 2018-12-12
• 6.5.0 - 2018-12-10
• 6.5.0-next.0 - 2018-11-28
• 6.4.1 - 2018-08-29
• 6.4.1-next.0 - 2018-08-23
• 6.4.0 - 2018-08-15
• 6.4.0-next.0 - 2018-08-09
• 6.3.0 - 2018-08-02
• 6.3.0-next.0 - 2018-07-25
• 6.2.0 - 2018-07-14
• 6.2.0-next.1 - 2018-07-05
• 6.2.0-next.0 - 2018-06-29
• 6.1.0 - 2018-05-24
• 6.1.0-next.0 - 2018-05-17
• 6.0.1 - 2018-05-10
• 6.0.1-next.0 - 2018-05-04
• 6.0.0 - 2018-04-24

from npm GitHub Release Notes

---

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs