[Snyk] Upgrade npm from 6.10.1 to 6.14.4 #3
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade npm from 6.10.1 to 6.14.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.The recommended version fixes:
SNYK-JS-NPM-537606
SNYK-JS-NPM-537603
SNYK-JS-BINLINKS-537610
SNYK-JS-BINLINKS-537608
npm:mem:20180117
SNYK-JS-HTTPSPROXYAGENT-469131
SNYK-JS-NPM-537604
SNYK-JS-BINLINKS-537609
Release notes
Package name: npm
6.14.4 (2020-03-25)
DEPENDENCIES
136832dca
mkdirp@0.5.4
minimist@1.2.5
transitive dep to resolve security issue9c554fd8c
update-notifier@2.5.0
deep-extend@1.2.5
is-ci@1.2.1
is-retry-allowed@1.2.0
rc@1.2.8
registry-auth-token@3.4.0
widest-line@2.0.1
8bf99b2b5
#1053 deps: updates term-size to use signed binary6.14.3 (2020-03-19)
DOCUMENTATION
4ad221487
#1020 docs(teams): updated team docs to reflect MFA workflow (@blkdm0n)4a31a4ba2
#1034 docs: cleanup (@ruyadorno)0eac801cd
#1013 docs: fix links to cli commands (@alenros)7d8e5b99c
#755 docs: correction tonpm update -g
behaviour (@johnkennedy9147)DEPENDENCIES
e11167646
mkdirp@0.5.3
c5b97d17d
fix: bumpminimist
dep to resolve security issue (@isaacs)c50d679c6
rimraf@2.7.1
a2de99ff9
npm-registry-mock@1.3.1
217debeb9
npm-registry-couchapp@2.7.4
6.14.2 (2020-03-03)
DOCUMENTATION
f9248c0be
#730 chore(docs): update unpublish docs & policy reference (@nomadtechie, @mikemimik)DEPENDENCIES
909cc3918
hosted-git-info@2.8.8
(@darcyclarke)5038b1891
fix: regression in old node versions w/ respect to url.URL implmentation9204ffa58
npm-profile@4.0.4
(@isaacs)6bcf0860a
fix: treat non-http/https login urls as invalid0365d39bd
glob@7.1.6
(@isaacs)dab030536
node-gyp@5.1.0
(@rvagg)6.14.1 (2020-02-26)
303e5c11e
hosted-git-info@2.8.7
Fixes a regression where scp-style git urls are passed to the WhatWG URL parser, which does not handle them properly. (@isaacs)6.14.0 (2020-02-25)
FEATURES
30f170877
#731 add support for multiple funding sources (@ljharb & @ruyadorno)BUG FIXES
55916b130
#508 fix: checknpm.config
before accessing its members (@kaiyoma)7d0cd65b2
#733 fix: access grant with unscoped packages (@netanelgilad)28c3d40d6
,0769c5b20
#945, #697 fix: allow new major versions of node to be automatically considered "supported" (@isaacs, @ljharb)DEPENDENCIES
6f39e93
hosted-git-info@2.8.6
(@darcyclarke)f14b594ee
chownr@1.1.4
(@isaacs)77044150b
npm-packlist@1.4.8
(@isaacs)1d112461a
npm-registry-fetch@4.0.3
(@isaacs)ba8b4fe
fix: always bypass cache when ?write=truea47fed760
readable-stream@3.6.0
3bbf2d6
fix: babel's "loose mode" class transform enbrittles BufferList (@ljharb)DOCUMENTATION
284c1c055
,fbb5f0e50
#729 update lifecycle hooks docs(@seanhealy, @mikemimik)
1c272832d
#787 fix: trademarks typo (@dnicolson)f6ff41776
#936 fix: postinstall example (@ajaymathur)373224b16
#939 fix: bad links in publish docs (@vit100)MISCELLANEOUS
85c79636d
#736 add script to update dist-tags (@mikemimik)6.13.7 (2020-01-28)
BUG FIXES
7dbb91438
#655 Update CI detection cases (@isaacs)DEPENDENCIES
0fb1296c7
libnpx@10.2.2
(@mikemimik)c9b69d569
node-gyp@5.0.7
(@mikemimik)e8dbaf452
bin-links@1.1.7
(@mikemimik)6.13.6 (2020-01-09)
DEPENDENCIES
6dba897a1
pacote@9.5.12
:d2f4176
fix(git): Do not drop uid/gid when executing in root-owned directory (@isaacs)6.13.5 (2020-01-09)
BUG FIXES
fd0a802ec
#550 Fix cache location fornpm ci
(@zhenyavinogradov)4b30f3cca
#648 fix(version): using 'allow-same-version', git commit --allow-empty and git tag -f (@rhengles)TESTING
e16f68d30
test(ci): add failing cache config test (@ruyadorno)3f009fbf2
#659 test: fix bin-overwriting test on Windows (@isaacs)43ae0791f
#601 ci: Allow builds to run even if one fails (@XhmikosR)4a669bee4
#603 Remove the unused appveyor.yml (@XhmikosR)9295046ac
#600 ci: switch toactions/checkout@v2
(@XhmikosR)DOCUMENTATION
f2d770ac7
#569 fix netlify publish path config (@claudiahdz)462cf0983
#627 update gatsby dependencies (@felixonmars)6fb5dbb72
#532 docs: clarify usage of global prefix (@jgehrcke)6.13.4 (2019-12-11)
BUGFIXES
320ac9aee
npm/bin-links#12 npm/gentle-fs#7 Do not remove global bin/man links inappropriately (@isaacs)DEPENDENCIES
52fd21061
gentle-fs@2.3.0
(@isaacs)d06f5c0b0
bin-links@1.1.6
(@isaacs)6.13.3 (2019-12-09)
DEPENDENCIES
19ce061a2
bin-links@1.1.5
Properly normalize, sanitize, and verifybin
entries inpackage.json
.59c836aae
npm-packlist@1.4.7
fb4ecd7d2
pacote@9.5.11
5f33040
#476 npm/pacote#22 npm/pacote#14 fix: Do not drop perms in git when not root (isaacs, @darcyclarke)6f229f7
sanitize and normalize package bin field (isaacs)1743cb339
read-package-json@2.1.1
Commit messages
Package name: npm
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs