[Snyk] Upgrade npm from 6.2.0 to 6.14.7

[snyk-bot]

Snyk has created this PR to upgrade npm from 6.2.0 to 6.14.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 55 versions ahead of your current version.
• The recommended version was released a month ago, on 2020-07-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary File Overwrite SNYK-JS-TAR-174125	405/1000 Why? CVSS 8.1	No Known Exploit
	Arbitrary File Write SNYK-JS-NPM-537606	405/1000 Why? CVSS 8.1	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-NPM-537603	405/1000 Why? CVSS 8.1	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	405/1000 Why? CVSS 8.1	No Known Exploit
	Arbitrary File Write SNYK-JS-BINLINKS-537610	405/1000 Why? CVSS 8.1	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-BINLINKS-537608	405/1000 Why? CVSS 8.1	Proof of Concept
	Denial of Service (DoS) npm:mem:20180117	405/1000 Why? CVSS 8.1	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	405/1000 Why? CVSS 8.1	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	405/1000 Why? CVSS 8.1	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	405/1000 Why? CVSS 8.1	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	405/1000 Why? CVSS 8.1	Proof of Concept
	Unauthorized File Access SNYK-JS-NPM-537604	405/1000 Why? CVSS 8.1	Proof of Concept
	Unauthorized File Access SNYK-JS-BINLINKS-537609	405/1000 Why? CVSS 8.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: npm

• 6.14.7 - 2020-07-21
  

  BUG FIXES

  • de5108836 #784 npm explore spawn shell correctly (@jasisk)
  • 36e6c01d3 git tag handling regression on shrinkwrap (@claudiahdz)
  • 1961c9369 #288 Fix package id in shrinkwrap lifecycle step output (@bz2)
  • 87888892a #1009 gracefully handle error during npm install (@danielleadams)
  • 6fe2bdc25 #1547 npm ls --parseable --long output (@ruyadorno)

  DEPENDENCIES

  • 2d78481c7 update mkdirp on tacks (@claudiahdz)
  • 4e129d105 uninstall npm-registry-couchapp (@claudiahdz)
  • 8e1869e27 update marked dev dep (@claudiahdz)
  • 6a6151f37 libnpx@10.2.4 (@claudiahdz)
  • dc21422eb bin-links@1.1.8 (@claudiahdz)
  • d341f88ce gentle-fs@2.3.1 (@claudiahdz)
  • 3e168d49b libcipm@4.0.8 (@claudiahdz)
  • 6ae942a51 npm-audit-report@1.3.3 (@claudiahdz)
  • 6a35e3dee npm-lifecycle@3.1.5 (@claudiahdz)
• 6.14.6 - 2020-07-07
  

  6.14.6 (2020-07-07)

  BUG FIXES

  • a9857b8f6 chore: remove auth info from logs (@claudiahdz)
  • b7ad77598 #1416 fix: wrong npm doctor command result (@vanishcode)

  DEPENDENCIES

  • 94eca6377 npm-registry-fetch@4.0.5 (@claudiahdz)
  • c49b6ae28 #1418 spdx-license-ids@3.0.5 (@kemitchell)
• 6.14.5 - 2020-05-04
  

  6.14.5 (2020-05-04)

  BUG FIXES

  • 33ec41f18 #758 fix: relativize file links when inflating shrinkwrap (@jsnajdr)
  • 94ed456df #1162 fix: npm init help output (@mum-never-proud)

  DEPENDENCIES

  • 5587ac01f npm-registry-fetch@4.0.4
    • fc5d94c39 fix: removed default timeout
  • 07a4d8884 graceful-fs@4.2.4
  • 8228d1f2e mkdirp@0.5.5
  • e6d208317 nopt@4.0.3
• 6.14.4 - 2020-03-25
  

  6.14.4 (2020-03-25)

  DEPENDENCIES

  • 136832dca mkdirp@0.5.4
  • Bump minimist@1.2.5 transitive dep to resolve security issue
    • 9c554fd8c update-notifier@2.5.0
    • bump deep-extend@1.2.5
    • bump is-ci@1.2.1
    • bump is-retry-allowed@1.2.0
    • bump rc@1.2.8
    • bump registry-auth-token@3.4.0
    • bump widest-line@2.0.1
  • 8bf99b2b5 #1053 deps: updates term-size to use signed binary
• 6.14.3 - 2020-03-19
  

  6.14.3 (2020-03-19)

  DOCUMENTATION

  • 4ad221487 #1020 docs(teams): updated team docs to reflect MFA workflow (@blkdm0n)
  • 4a31a4ba2 #1034 docs: cleanup (@ruyadorno)
  • 0eac801cd #1013 docs: fix links to cli commands (@alenros)
  • 7d8e5b99c #755 docs: correction to npm update -g behaviour (@johnkennedy9147)

  DEPENDENCIES

  • e11167646 mkdirp@0.5.3
    • c5b97d17d fix: bump minimist dep to resolve security issue (@isaacs)
  • c50d679c6 rimraf@2.7.1
  • a2de99ff9 npm-registry-mock@1.3.1
  • 217debeb9 npm-registry-couchapp@2.7.4
• 6.14.2 - 2020-03-03
  

  6.14.2 (2020-03-03)

  DOCUMENTATION

  • f9248c0be #730 chore(docs): update unpublish docs & policy reference (@nomadtechie, @mikemimik)

  DEPENDENCIES

  • 909cc3918 hosted-git-info@2.8.8 (@darcyclarke)
    • 5038b1891 fix: regression in old node versions w/ respect to url.URL implmentation
  • 9204ffa58 npm-profile@4.0.4 (@isaacs)
    • 6bcf0860a fix: treat non-http/https login urls as invalid
  • 0365d39bd glob@7.1.6 (@isaacs)
  • dab030536 node-gyp@5.1.0 (@rvagg)
• 6.14.1 - 2020-02-27
  

  6.14.1 (2020-02-26)

  • 303e5c11e hosted-git-info@2.8.7 Fixes a regression where scp-style git urls are passed to the WhatWG URL parser, which does not handle them properly. (@isaacs)
• 6.14.0 - 2020-02-25
  

  6.14.0 (2020-02-25)

  FEATURES

  • 30f170877 #731 add support for multiple funding sources (@ljharb & @ruyadorno)

  BUG FIXES

  • 55916b130 #508 fix: check npm.config before accessing its members (@kaiyoma)
  • 7d0cd65b2 #733 fix: access grant with unscoped packages (@netanelgilad)
  • 28c3d40d6, 0769c5b20 #945, #697 fix: allow new major versions of node to be automatically considered "supported" (@isaacs, @ljharb)

  DEPENDENCIES

  • 6f39e93 hosted-git-info@2.8.6 (@darcyclarke)
    • fix: passwords & usernames are escaped properly in git deps (@stevenhilder)
  • f14b594ee chownr@1.1.4 (@isaacs)
  • 77044150b npm-packlist@1.4.8 (@isaacs)
  • 1d112461a npm-registry-fetch@4.0.3 (@isaacs)
    • ba8b4fe fix: always bypass cache when ?write=true
  • a47fed760 readable-stream@3.6.0
    • 3bbf2d6 fix: babel's "loose mode" class transform enbrittles BufferList (@ljharb)

  DOCUMENTATION

  • 284c1c055, fbb5f0e50 #729 update lifecycle hooks docs
    (@seanhealy, @mikemimik)
  • 1c272832d #787 fix: trademarks typo (@dnicolson)
  • f6ff41776 #936 fix: postinstall example (@ajaymathur)
  • 373224b16 #939 fix: bad links in publish docs (@vit100)

  MISCELLANEOUS

  • 85c79636d #736 add script to update dist-tags (@mikemimik)
• 6.13.7 - 2020-01-28
  

  6.13.7 (2020-01-28)

  BUG FIXES

  • 7dbb91438 #655 Update CI detection cases (@isaacs)

  DEPENDENCIES

  • 0fb1296c7 libnpx@10.2.2 (@mikemimik)
  • c9b69d569 node-gyp@5.0.7 (@mikemimik)
  • e8dbaf452 bin-links@1.1.7 (@mikemimik)
    • #613 Fixes bin entry for package
• 6.13.6 - 2020-01-09
  

  6.13.6 (2020-01-09)

  DEPENDENCIES

  • 6dba897a1 pacote@9.5.12:
    • d2f4176 fix(git): Do not drop uid/gid when executing in root-owned directory (@isaacs)
• 6.13.5 - 2020-01-09
• 6.13.4 - 2019-12-11
• 6.13.3 - 2019-12-10
• 6.13.2 - 2019-12-03
• 6.13.1 - 2019-11-18
• 6.13.0 - 2019-11-05
• 6.12.1 - 2019-10-29
• 6.12.0 - 2019-10-08
• 6.12.0-next.0 - 2019-09-26
• 6.11.3 - 2019-09-03
• 6.11.2 - 2019-08-22
• 6.11.1 - 2019-08-21
• 6.11.0 - 2019-08-20
• 6.10.3 - 2019-08-06
• 6.10.2 - 2019-07-23
• 6.10.2-next.3 - 2019-07-22
• 6.10.2-next.2 - 2019-07-21
• 6.10.2-next.1 - 2019-07-17
• 6.10.2-next.0 - 2019-07-16
• 6.10.1 - 2019-07-11
• 6.10.1-next.2 - 2019-07-10
• 6.10.1-next.1 - 2019-07-03
• 6.10.1-next.0 - 2019-07-03
• 6.10.0 - 2019-07-03
• 6.10.0-next.0 - 2019-07-01
• 6.9.2 - 2019-06-27
• 6.9.1-next.0 - 2019-03-20
• 6.9.0 - 2019-03-06
• 6.9.0-next.0 - 2019-02-21
• 6.8.0 - 2019-02-13
• 6.8.0-next.2 - 2019-02-07
• 6.8.0-next.1 - 2019-02-06
• 6.8.0-next.0 - 2019-01-31
• 6.7.0 - 2019-01-23
• 6.6.0 - 2019-01-17
• 6.6.0-next.1 - 2019-01-10
• 6.6.0-next.0 - 2018-12-12
• 6.5.0 - 2018-12-10
• 6.5.0-next.0 - 2018-11-28
• 6.4.1 - 2018-08-29
• 6.4.1-next.0 - 2018-08-23
• 6.4.0 - 2018-08-15
• 6.4.0-next.0 - 2018-08-09
• 6.3.0 - 2018-08-02
• 6.3.0-next.0 - 2018-07-25
• 6.2.0 - 2018-07-14

from npm GitHub release notes

Commit messages

Package name: npm

• 42e4625 6.14.7
• a81da2b update AUTHORS
• e6e8d29 docs: changelog for 6.14.7
• 6a35e3d npm-lifecycle@3.1.5
• 6ae942a npm-audit-report@1.3.3
• 3e168d4 libcipm@4.0.8
• d341f88 gentle-fs@2.3.1
• dc21422 bin-links@1.1.8
• 6fe2bdc fix: npm ls --parseable --long output
• 8788889 fix: gracefully handle error during npm install
• 1961c93 Fix package id in shrinkwrap lifecycle step output
• 36e6c01 fix: git tag handling regression on shrinkwrap
• de51088 fix: npm explore spawn shell correctly
• 8e1869e deps: fix outdated dev deps
• 4e129d1 deps: uninstall npm-registry-couchapp
• 2d78481 deps: update mkdirp on tacks
• 6a6151f libnpx@10.2.4
• 66092d5 6.14.6
• 46e91d9 update AUTHORS
• 66aab41 docs: changelog for 6.14.6
• 94eca63 npm-registry-fetch@4.0.5
• a9857b8 chore: remove auth info from logs
• 479e45c style: fix lint error with no trailing comma
• 1aec4cb test: add test for `npm doctor` that ping registry returns error

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs