[Snyk] Security upgrade atom-package-manager from 2.5.0 to 2.6.3

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • apm/package.json
  • apm/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection SNYK-JS-OPEN-174041	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	Arbitrary Command Injection npm:open:20180512	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: atom-package-manager

The new version differs by 79 commits.

• 1ae38cb Merge branch 'master' of github.com:atom/apm
• e21b21b 2.6.3
• b338166 Merge pull request Create repos for converted TextMate bundles atom/atom#925 from atom/update-bundled-node-version
• 5153fe1 Update bundled node version to 12.18.3
• 0057189 Merge pull request Use Travis CI for Atom packages atom/atom#924 from DeeDeeG/no-deduping-in-postinstall
• 7be56b8 script: Remove automatic deduping from postinstall
• 231324c Merge pull request Only reload active package stylesheets atom/atom#922 from atom/update-keytar
• b91b030 ⬆️ Bump keytar@7.7.0
• 217c5cb 2.6.2
• 0bad9a0 Merge pull request Atom does not work with space in app name atom/atom#916 from atom-community/node-version-4upstream
• 3756fe9 use v12.14.1 to match atom --version
• 5456b1b feat: update the bundled Node version to match Atom-Electron 9
• 9f4d06b Merge pull request File/Folder Renaming via Tree atom/atom#897 from atom-community/update-gitattributes
• db354e9 Merge pull request Switch to cloudant from iriscouch atom/atom#913 from atom-community/git-utils
• 511ebd1 Merge pull request Remove node_modules from NODE_PATH atom/atom#914 from atom-community/async-update-4upstream
• a6f65c4 Merge pull request Output filename with CoffeeScript syntax error. atom/atom#899 from atom-community/github-actions-4upstream
• 1b413e5 fix: detectSeries third callback not passing err
• ea78e5f fix: update async package
• 521b319 Update setup-node
• 5576234 Merge pull request Drawer Icon atom/atom#892 from DeeDeeG/support_visual_studio_2017_and_2019
• 495e14c fix: bump git-utils
• 3df25f9 postinstall.cmd: Don't dedupe if NO_APM_DEDUPE set (Discontinue npmjs registry fork in favor of GitHub Releases atom/atom#912)
• fc32606 Use github actions for windows x86
• 591b834 2.6.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection
🦉 Arbitrary File Overwrite