[Snyk] Upgrade pacote from 15.2.0 to 17.0.4

[gutwrinch]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade pacote from 15.2.0 to 17.0.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2023-08-30.

Release notes

Package name: pacote

• 17.0.4 - 2023-08-30
  

  17.0.4 (2023-08-30)

  Dependencies

  • ba8f790 #309 bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
  • 2c0d3ae #308 bump @ npmcli/run-script from 6.0.2 to 7.0.0
• 17.0.3 - 2023-08-24
  

  17.0.3 (2023-08-24)

  Dependencies

  • ace7c28 #305 bump npm-packlist from 7.0.4 to 8.0.0
• 17.0.2 - 2023-08-18
  

  17.0.2 (2023-08-18)

  Dependencies

  • c3b892d #303 bump sigstore from 1.3.0 to 2.0.0
• 17.0.1 - 2023-08-15
  

  17.0.1 (2023-08-15)

  Dependencies

  • 6ddae13 #302 bump npm-registry-fetch from 15.0.0 to 16.0.0
  • 42bf787 #300 bump npm-pick-manifest from 8.0.2 to 9.0.0
• 17.0.0 - 2023-08-15
  

  17.0.0 (2023-08-15)

  ⚠️ BREAKING CHANGES

  • support for node <=16.13 has been removed

  Bug Fixes

  • 2db2fb5 #296 drop node 16.13.x support (@ lukekarrys)

  Dependencies

  • e9e964b #299 bump read-package-json from 6.0.4 to 7.0.0
  • 5d26500 #298 bump npm-package-arg from 10.1.0 to 11.0.0
  • d13bb9c #294 bump @ npmcli/git from 4.1.0 to 5.0.0
  • 7a25e39 #293 bump cacache from 17.1.4 to 18.0.0
• 16.0.0 - 2023-08-11
  

  16.0.0 (2023-07-28)

  ⚠️ BREAKING CHANGES

  • the underlying fetch module now uses @ npmcli/agent. Backwards compatibility should be fully implemented but due to the scope of this change it was made a breaking change out of an abundance of caution.
  • support for node 14 has been removed

  Bug Fixes

  • 73b6297 #290 drop node14 support (#290) (@ wraithgar)

  Dependencies

  • 8dc6a32 bump minipass from 5.0.0 to 7.0.2
  • 7cebf19 bump npm-registry-fetch from 14.0.5 to 15.0.0
• 15.2.0 - 2023-05-18
  

  15.2.0 (2023-05-03)

  Features

  • 3307ad9 #278 configurable TUF cache dir (#278) (@ bdehamer)

from pacote GitHub release notes

Commit messages

Package name: pacote

• 18e760f chore: release 17.0.4
• ba8f790 deps: bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
• 2c0d3ae deps: bump @ npmcli/run-script from 6.0.2 to 7.0.0
• 7aa2062 chore: release 17.0.3
• ace7c28 deps: bump npm-packlist from 7.0.4 to 8.0.0
• f1efd0c chore: release 17.0.2
• c3b892d deps: bump sigstore from 1.3.0 to 2.0.0
• c75d7d5 chore: release 17.0.1
• 6ddae13 deps: bump npm-registry-fetch from 15.0.0 to 16.0.0
• 42bf787 deps: bump npm-pick-manifest from 8.0.2 to 9.0.0
• 9fa2de9 chore: release 17.0.0
• e9e964b deps: bump read-package-json from 6.0.4 to 7.0.0
• f69d844 chore: hosted-git-info@7.0.0
• 5d26500 deps: bump npm-package-arg from 10.1.0 to 11.0.0
• d13bb9c deps: bump @ npmcli/git from 4.1.0 to 5.0.0
• 7a25e39 deps: bump cacache from 17.1.4 to 18.0.0
• 2db2fb5 fix: drop node 16.13.x support
• 5cdbfd1 chore: release 16.0.0
• 8dc6a32 deps: bump minipass from 5.0.0 to 7.0.2
• 7cebf19 deps: bump npm-registry-fetch from 14.0.5 to 15.0.0
• 73b6297 fix: drop node14 support ([FEATURE] Provide credentials to npm trough environment variables npm/cli#290)
• 53cf17e chore: postinstall for dependabot template-oss PR
• 865d5c7 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 040add9 chore: postinstall for dependabot template-oss PR

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs