[Snyk] Security upgrade npm from 5.6.0 to 6.10.1 #88
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
openshift/message-board/message-board-web/package.json
openshift/message-board/message-board-web/package-lock.json
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-HAWK-6969142
Release notes
Package name: npm
BUGFIXES
3cbd57712
fix(git): strip GIT environs when running git (@ isaacs)a81a8c4c4
#206 improve isOnly(Dev,Optional) (@ larsgw)172f9aca6
#179 fix-xmas-underline (@ raywu0123)f52673fc7
#212 build: use/usr/bin/env
to load bash (@ rsmarples)DEPENDENCIES
ef4445ad3
#208node-gyp@5.0.2
(@ irega)c0d611356
npm-lifecycle@3.0.0
(@ isaacs)7716ba972
libcipm@4.0.0
(@ isaacs)42d22e837
libnpm@3.0.0
(@ isaacs)a2ea7f9ff
semver@5.7.0
(@ isaacs)429226a5e
lru-cache@5.1.1
(@ isaacs)175670ea6
npm-registry-fetch@3.9.1
: (@ isaacs)0d0517f7f
call-limit@1.1.1
(@ isaacs)741400429
glob@7.1.4
(@ isaacs)bddd60e30
inherits@2.0.4
(@ isaacs)4acf03fd1
libnpmsearch@2.0.1
(@ isaacs)c2bd17291
marked@0.6.3
(@ isaacs)7f0221bb1
marked-man@0.6.0
(@ isaacs)f458fe7dd
npm-lifecycle@2.1.1
(@ isaacs)009752978
node-gyp@4.0.0
(@ isaacs)0fa2bb438
query-string@6.8.1
(@ isaacs)b86450929
tar-stream@2.1.0
(@ isaacs)25db00fe9
worker-farm@1.7.0
(@ isaacs)8dfbe8610
readable-stream@3.4.0
(@ isaacs)f6164d5dd
isaacs/chownr#21 isaacs/chownr#20 npm.community#7901 npm.community#8203chownr@1.1.2
This fixes an EISDIR error from cacache on Darwin in Node versions prior to 10.6. (@ isaacs)6.10.1-next.2
6.10.1-next.1
6.10.1-next.0
FEATURES
87fef4e35
#176 fix: Always return JSON for outdated --json (@ sreeramjayan)f101d44fc
#203 fix(unpublish): add space after hyphen (@ ffflorian)a4475de4c
#202 enable production flag for npm audit (@ CalebCourier)d192904d0
#178 fix: Return a value forview
when in silent mode (@ stayradiated)39d473adf
#185 Allow git to follow global tagsign config (@ junderw)BUGFIXES
d9238af0b
#201 npm/npm#17858 npm/npm#18042 npm.community#644 do not crash when removing nameless packages (@ SteveVanOpstal and @ isaacs)4bec4f111
#200 Check fornode
(as well asnode.exe
) in npm's local dir on Windows (@ rgoulais)ce93dab2d
#180 npm.community#6187 Fix handling ofremote
deps innpm outdated
(@ larsgw)TESTING
a823f3084
travis: Update to include new v12 LTS (@ isaacs)33e2d1dac
fix flaky debug-logs test (@ isaacs)e9411c6cd
Don't time out waiting for gpg user input (@ isaacs)d2d301704
#195 Add the arm64 check for legacy-platform-all.js test case. (@ ossdev07)a4dc34243
parallel tests (@ isaacs)DOCUMENTATION
f5857e263
#192 Clarify usage of bundledDependencies (@ john-osullivan)747fdaf66
#159 doc: add --audit-level param (@ ngraef)DEPENDENCIES
e36b3c320
graceful-fs@4.2.0 (@ isaacs)6bb935c09
read-package-tree@5.3.1 (@ isaacs)e9cd536
Use custom cachingrealpath
implementation, dramatically reducinglstat
calls when reading the package tree (@ isaacs)39538b460
write-file-atomic@2.4.3 (@ isaacs)f8b1552
#38 Ignore errors raised byfs.closeSync
(@ lukeapage)042193069
pacote@9.5.1 (@ isaacs)8bbd051
#172 limit git retry times, avoid unlimited retries (小秦)92f5e4c
#170 fix(errors): Fix "TypeError: err.code.match is not a function" error (@ jviotti)8bd8e909f
cacache@11.3.3 (@ isaacs)47de8f5
#146 npm.community#2395 fix(config): Add ssri config 'error' option (@ larsgw)5156561
fix(write): avoid acb never called
situation (@ zkat)90f40f0
#166 #165 docs: Fix docs forpath
property in get.info (@ hdgarrood)bf61c45c6
bluebird@3.5.5 (@ isaacs)f75d46a9d
tar@4.4.10 (@ isaacs)c80341a
#215 Fix encoding/decoding of base-256 numbers (@ justfalter)77522f0
#204 #214 Usestat
instead oflstat
when checking CWD (@ stkb)ec6236210
npm-packlist@1.4.4 (@ isaacs)63d1e3e
#30 Sort package tarball entries by file type for compression benefits (@ isaacs)7fcd045
Ignore.DS_Store
files as well as folders (@ isaacs)68b7c96
Never include .git folders in package root. (Note: this prevents the issue that broke the v6.9.1 release.) (@ isaacs)57bef61bc
update fstream in node-gyp (@ isaacs)acbbf7eee
#183 licensee@7.0.2 (@ kemitchell)011ae67f0
readable-stream@3.3.0 (@ isaacs)f5e884909
npm-registry-mock@1.2.1 (@ isaacs)b57d07e35
npm-registry-couchapp@2.7.2 (@ isaacs)FEATURES
87fef4e35
#176 fix: Always return JSON for outdated --json (@ sreeramjayan)f101d44fc
#203 fix(unpublish): add space after hyphen (@ ffflorian)a4475de4c
#202 enable production flag for npm audit (@ CalebCourier)d192904d0
#178 fix: Return a value forview
when in silent mode (@ stayradiated)39d473adf
#185 Allow git to follow global tagsign config (@ junderw)BUGFIXES
d9238af0b
#201 npm/npm#17858 npm/npm#18042 npm.community#644 do not crash when removing nameless packages (@ SteveVanOpstal and @ isaacs)4bec4f111
#200 Check fornode
(as well asnode.exe
) in npm's local dir on Windows (@ rgoulais)ce93dab2d
#180 npm.community#6187 Fix handling ofremote
deps innpm outdated
(@ larsgw)TESTING
a823f3084
travis: Update to include new v12 LTS (@ isaacs)33e2d1dac
fix flaky debug-logs test (@ isaacs)e9411c6cd
Don't time out waiting for gpg user input (@ isaacs)d2d301704
#195 Add the arm64 check for legacy-platform-all.js test case. (@ ossdev07)a4dc34243
parallel tests (@ isaacs)DOCUMENTATION
f5857e263
#192 Clarify usage of bundledDependencies (@ john-osullivan)747fdaf66
#159 doc: add --audit-level param (@ ngraef)DEPENDENCIES
e36b3c320
graceful-fs@4.2.0 (@ isaacs)6bb935c09
read-package-tree@5.3.1 (@ isaacs)e9cd536
Use custom cachingrealpath
implementation, dramatically reducinglstat
calls when reading the package tree (@ isaacs)39538b460
write-file-atomic@2.4.3 (@ isaacs)f8b1552
#38 Ignore errors raised byfs.closeSync
(@ lukeapage)042193069
pacote@9.5.1 (@ isaacs)8bbd051
#172 limit git retry times, avoid unlimited retries (小秦)92f5e4c
#170 fix(errors): Fix "TypeError: err.code.match is not a function" error (@ jviotti)8bd8e909f
cacache@11.3.3 (@ isaacs)47de8f5
#146 npm.community#2395 fix(config): Add ssri config 'error' option (@ larsgw)5156561
fix(write): avoid acb never called
situation (@ zkat)90f40f0
#166 #165 docs: Fix docs forpath
property in get.info (@ hdgarrood)bf61c45c6
bluebird@3.5.5 (@ isaacs)f75d46a9d
tar@4.4.10 (@ isaacs)c80341a
#215 Fix encoding/decoding of base-256 numbers (@ justfalter)77522f0
#204 #214 Usestat
instead oflstat
when checking CWD (@ stkb)ec6236210
npm-packlist@1.4.4 (@ isaacs)63d1e3e
#30 Sort package tarball entries by file type for compression benefits (@ isaacs)7fcd045
Ignore.DS_Store
files as well as folders (@ isaacs)68b7c96
Never include .git folders in package root. (Note: this prevents the issue that broke the v6.9.1 release.) (@ isaacs)57bef61bc
update fstream in node-gyp (@ isaacs)acbbf7eee
#183 licensee@7.0.2 (@ kemitchell)011ae67f0
readable-stream@3.3.0 (@ isaacs)f5e884909
npm-registry-mock@1.2.1 (@ isaacs)b57d07e35
npm-registry-couchapp@2.7.2 (@ isaacs)This release is identical to v6.9.1, but we had to publish a new version due to a .git directory in the release.
v6.9.1 (2019-03-20):
BUGFIXES
6b1a9da0e
#165 UpdateknownBroken
version. (@ ljharb)d07547154
npm.community#5929 Fixoutdated
rendering for global dependencies. (@ zkat)e4a1f1745
npm.community#6259 Fix OTP for token create and remove. (@ zkat)DEPENDENCIES
a163a9c35
sha@3.0.0
(@ aeschright)47b08b3b9
query-string@6.4.0
(@ aeschright)d6a956cff
readable-stream@3.2.0
(@ aeschright)10b8bed2b
tacks@1.3.0
(@ aeschright)e7483704d
tap@12.6.0
(@ aeschright)3242fe698
tar-stream@2.0.1
(@ aeschright)FEATURES
2ba3a0f67
#90 Time traveling installs using the--before
flag. (@ zkat)b7b54f2d1
#3 Add support for package aliases. This allows packages to be installed under a different directory than the package name listed inpackage.json
, and adds a new dependency type to allow this to be done for registry dependencies. (@ zkat)684bccf06
#146 Always savepackage-lock.json
when using--package-lock-only
. (@ aeschright)b8b8afd40
#139 Make empty-string run-scripts run successfully as a no-op. (@ vlasy)8047b19b1
npm.community#3784 Match git semver ranges when flattening the tree. (@ larsgw)e135c2bb3
npm.community#1725 Re-enable updating local packages. (@ larsgw)BUGFIXES
cf09fbaed
#153 Set modified to undefined innpm view
whentime
is not available. This fixes a bug wherenpm view
would crash on certain third-party registries. (@ simonua)774fc26ee
#154 Print out tar version ininstall.sh
only when the flag is supported not all the tar implementations support --version flag. This allows the install script to work in OpenBSD, for example. (@ agudulin)863baff11
#158 Fix typo in error message fornpm stars
. (@ phihag)a805a95ad
npm.community#4227 Strip version info from pkg on E404. This improves the error messaging format. (@ larsgw)DOCS
5d7633833
#160 Addnpm add
as alias to npm install in docs. (@ ahasall)489c2211c
#162 Fix link to RFC #10 in the changelog. (@ mansona)433020ead
#135 Describe exit codes in npm-audit docs. (@ emilis-tm)DEPENDENCIES
ee6b6746b
zkat/make-fetch-happen#29agent-base@4.2.1
(@ TooTallNate)2ce23baf5
lock-verify@2.1.0
: Adds support for package aliases (@ zkat)baaedbc6e
pacote@9.5.0
: Adds opts.before support (@ zkat)57e771a03
#164licensee@6.1.0
(@ kemitchell)2b78288d4
add core to default inclusion tests in pack (@ zkat)9b8b6513f
npm.community#5382npm-packlist@1.4.1
: Fixes bug wherecore/
directories were being suddenly excluded. (@ zkat)Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Authentication Bypass