deps: @npmcli/metavuln-calculator@3.1.0

[wraithgar]

• include cwe and cvss in advisories

[npm-robot]

no statistically significant performance changes detected

timing results

app-large	clean	lock-only	cache-only	cache-only peer-deps	modules-only	no-lock	no-cache	no-modules	no-clean	no-clean audit
npm@8	61.642 ±8.15	33.049 ±0.05	30.600 ±15.30	22.357 ±0.84	3.385 ±0.02	3.491 ±0.05	2.879 ±0.10	12.682 ±0.01	2.715 ±0.03	3.760 ±0.07
#4674	61.417 ±3.78	33.961 ±0.74	19.536 ±0.01	22.349 ±0.64	3.462 ±0.02	3.460 ±0.02	2.753 ±0.02	13.001 ±0.09	2.747 ±0.02	4.031 ±0.28

app-medium	clean	lock-only	cache-only	cache-only peer-deps	modules-only	no-lock	no-cache	no-modules	no-clean	no-clean audit
npm@8	46.429 ±0.93	26.009 ±0.20	14.827 ±0.02	15.772 ±0.14	3.119 ±0.04	3.134 ±0.01	2.816 ±0.10	9.577 ±0.01	2.583 ±0.01	3.505 ±0.00
#4674	45.247 ±4.54	26.532 ±0.21	15.043 ±0.33	16.042 ±0.38	3.191 ±0.02	3.191 ±0.06	2.819 ±0.15	9.715 ±0.06	2.600 ±0.03	3.537 ±0.05

[valentijnscholten]

@wraithgar @lukekarrys would it be possible to backport this to V7?

[wraithgar]

The only breaking change between v7 and v8 was dropping support for older node versions. It is also not shipped by default in any current node version line. As such it is not being maintained. v6 is getting security updates only because it still ships with node 12 and node 14 by default.

[valentijnscholten]

Ah ok, then I just have misread the Google search results or saw old information somewhere.