[Snyk] Upgrade npm from 6.2.0 to 6.13.7 #124
Open
Snyk has created this PR to upgrade npm from 6.2.0 to 6.13.7.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-TAR-174125
SNYK-JS-NPM-537606
SNYK-JS-NPM-537603
SNYK-JS-FSTREAM-174725
SNYK-JS-BINLINKS-537610
SNYK-JS-BINLINKS-537608
npm:mem:20180117
SNYK-JS-HTTPSPROXYAGENT-469131
SNYK-JS-NPM-537604
SNYK-JS-BINLINKS-537609
Release notes
Package name: npm
6.13.7 (2020-01-28)
BUG FIXES
7dbb91438 #655 Update CI detection cases (@isaacs)
DEPENDENCIES
0fb1296c7 libnpx@10.2.2 (@mikemimik)
c9b69d569 node-gyp@5.0.7 (@mikemimik)
e8dbaf452 bin-links@1.1.7 (@mikemimik)

6.13.6 (2020-01-09)
DEPENDENCIES
6dba897a1 pacote@9.5.12:
  d2f4176 fix(git): Do not drop uid/gid when executing in root-owned directory (@isaacs)

6.13.5 (2020-01-09)
BUG FIXES
fd0a802ec #550 Fix cache location for npm ci (@zhenyavinogradov)
4b30f3cca #648 fix(version): using 'allow-same-version', git commit --allow-empty and git tag -f (@rhengles)
TESTING
e16f68d30 test(ci): add failing cache config test (@ruyadorno)
3f009fbf2 #659 test: fix bin-overwriting test on Windows (@isaacs)
43ae0791f #601 ci: Allow builds to run even if one fails (@XhmikosR)
4a669bee4 #603 Remove the unused appveyor.yml (@XhmikosR)
9295046ac #600 ci: switch to actions/checkout@v2 (@XhmikosR)
DOCUMENTATION
f2d770ac7 #569 fix netlify publish path config (@claudiahdz)
462cf0983 #627 update gatsby dependencies (@felixonmars)
6fb5dbb72 #532 docs: clarify usage of global prefix (@jgehrcke)

6.13.4 (2019-12-11)
BUGFIXES
320ac9aee npm/bin-links#12 npm/gentle-fs#7 Do not remove global bin/man links inappropriately (@isaacs)
DEPENDENCIES
52fd21061 gentle-fs@2.3.0 (@isaacs)
d06f5c0b0 bin-links@1.1.6 (@isaacs)

6.13.3 (2019-12-09)
DEPENDENCIES
19ce061a2 bin-links@1.1.5
  Properly normalize, sanitize, and verify bin entries in package.json.
59c836aae npm-packlist@1.4.7
fb4ecd7d2 pacote@9.5.11
  5f33040 #476 npm/pacote#22 npm/pacote#14 fix: Do not drop perms in git when not root (isaacs, @darcyclarke)
  6f229f7 sanitize and normalize package bin field (isaacs)
1743cb339 read-package-json@2.1.1

6.13.2 (2019-12-03)
BUG FIXES
4429645b3 #546 fix docs target typo (@richardlau)
867642942 #142 fix(packageRelativePath): fix 'where' for file deps (@larsgw)
d480f2c17 #527 Revert "windows: Add preliminary WSL support for npm and npx" (@craigloewen-msft)
e4b97962e #504 remove unnecessary package.json read when reading shrinkwrap (@Lighting-Jack)
1c65d26ac #501 fix(fund): open url for string shorthand (@ruyadorno)
ae7afe565 #263 Don't log error message if git tagging is disabled (@woppa684)
4c1b16f6a #182 Warn the user that it is uninstalling npm-install (@Hoidberg)

6.13.1 (2019-11-18)
BUG FIXES
938d6124d #472 fix(fund): support funding string shorthand (@ruyadorno)
b49c5535b #471 should not publish tap-snapshot folder (@ruyadorno)
3471d5200 #253 Add preliminary WSL support for npm and npx (@infinnie)
3ef295f23 #486 print quick audit report for human output (@isaacs)
TESTING
dbbf977ac #278 added workflow to trigger and run benchmarks (@mikemimik)
b4f5e3825 #457 feat(docs): adding tests and updating docs to reflect changes in registry teams API. (@nomadtechie)
454c7dd60 #456 fix git configs for git 2.23 and above (@isaacs)
DOCUMENTATION
b8c1576a4 30b013ae8 26c1b2ef6 9f943a765 c0346b158 8e09d5ad6 4a2f551ee 87d67258c 5c3b32722 b150eaeff 7555a743c b89423e2f #463 #285 #268 #232 #485 #453 docs cleanup: typos, styling and content (@claudiahdz) (@XhmikosR) (@mugli) (@brettz9) (@mkotsollaris)
DEPENDENCIES
661d86cd2 make-fetch-happen@5.0.2 (@claudiahdz)

6.13.0 (2019-11-05)
NEW FEATURES
4414b06d9 #273 add fund command (@ruyadorno)
DOCUMENTATION
ae4c74d04 #274 migrate existing docs to gatsby (@claudiahdz)
4ff1bb180 #277 updated documentation copy (@oletizi)
BUG FIXES
e4455409f #281 delete ps1 files on package removal (@NoDocCat)
cd14d4701 #279 update supported node list to remove v6.0, v6.1, v9.0 - v9.2 (@ljharb)
DEPENDENCIES
a37296b20 pacote@9.5.9
d3cb3abe8 read-cmd-shim@1.0.5
TESTING
688cd97be #272 use github actions for CI (@JasonEtco)
9a2d8af84 #240 Clean up some flakiness and inconsistency (@isaacs)

6.12.1 (2019-10-29)
BUG FIXES
6508e833d #269 add node v13 as a supported version (@ljharb)
b6588a8f7 #265 Fix regression in lockfile repair for sub-deps (@feelepxyz)
d5dfe57a1 #266 resolve circular dependency in pack.js (@addaleax)
DEPENDENCIES
73678bb59 chownr@1.1.3
4b76926e2 graceful-fs@4.2.3
c691f36a9 libcipm@4.0.7
5e1a14975 npm-packlist@1.4.6
c194482d6 npm-registry-fetch@4.0.2
bc6a8e0ec tar@4.4.1
4dcca3cbb uuid@3.3.3

6.12.0 (2019-10-08):
Now npm ci runs prepare scripts for git dependencies, and respects the --no-optional argument. Warnings for engine mismatches are printed again. Various other fixes and cleanups.
BUG FIXES
890b245dc #252 ci: add dirPacker to options (@claudiahdz)
f3299acd0 #257 npm.community#4792 warn message on engine mismatch (@ruyadorno)
bbc92fb8f #259 npm.community#10288 Fix figgyPudding error in npm token (@benblank)
70f54dcb5 #241 doctor: Make OK more consistent (@gemal)
FEATURES
ed993a29c #249 Add CI environment variables to user-agent (@isaacs)
f6b0459a4 #248 Add option to save package-lock without formatting. Adds a new config --format-package-lock, which defaults to true. (@bl00mber)
DEPENDENCIES
0ca063c5d npm-lifecycle@3.1.4:
5df6b0ea2 libcipm@4.0.4:
7e04f728c tar@4.4.12
5c380e5a3 stringify-package@1.0.1 (@isaacs)
62f2ca692 node-gyp@5.0.5 (@isaacs)
0ff0ea47a npm-install-checks@3.0.2 (@isaacs)
f46edae94 hosted-git-info@2.8.5 (@isaacs)
TESTING
44a2b036b #262 fix root-ownership race conditions in meta-test (@isaacs)

Commit messages
Package name: npm
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
[//]: # (snyk:metadata:{"dependencies":[{"name":"npm","from":"6.2.0","to":"6.13.7"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/phillipgraniero-rxi/project/2958b718-1a0e-4eb7-bf1f-99ec96c329f3?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"2958b718-1a0e-4eb7-bf1f-99ec96c329f3","env":"prod","prType":"upgrade","vulns":["SNYK-JS-TAR-174125","SNYK-JS-NPM-537606","SNYK-JS-NPM-537603","SNYK-JS-FSTREAM-174725","SNYK-JS-BINLINKS-537610","SNYK-JS-BINLINKS-537608","npm:mem:20180117","SNYK-JS-HTTPSPROXYAGENT-469131","SNYK-JS-NPM-537604","SNYK-JS-BINLINKS-537609"],"issuesToFix":[{"issueId":"SNYK-JS-TAR-174125","severity":"high","title":"Arbitrary File Overwrite","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-NPM-537606","severity":"high","title":"Arbitrary File Write","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-NPM-537603","severity":"high","title":"Arbitrary File Overwrite","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-FSTREAM-174725","severity":"high","title":"Arbitrary File Overwrite","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-BINLINKS-537610","severity":"high","title":"Arbitrary File Write","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-BINLINKS-537608","severity":"high","title":"Arbitrary File Overwrite","exploitMaturity":"proof-of-concept"},{"issueId":"npm:mem:20180117","severity":"medium","title":"Denial of Service (DoS)","exploitMaturity":"no-known-exploit"},{"issueId":"SNYK-JS-HTTPSPROXYAGENT-469131","severity":"medium","title":"Man-in-the-Middle (MitM)","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-NPM-537604","severity":"low","title":"Unauthorized File Access","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-BINLINKS-537609","severity":"low","title":"Unauthorized File 
Access","exploitMaturity":"proof-of-concept"}],"upgrade":["SNYK-JS-TAR-174125","SNYK-JS-NPM-537606","SNYK-JS-NPM-537603","SNYK-JS-FSTREAM-174725","SNYK-JS-BINLINKS-537610","SNYK-JS-BINLINKS-537608","npm:mem:20180117","SNYK-JS-HTTPSPROXYAGENT-469131","SNYK-JS-NPM-537604","SNYK-JS-BINLINKS-537609"],"upgradeInfo":{"versionsDiff":47,"publishedDate":"2020-01-28T19:09:13.959Z"},"templateVariants":[],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false})