[Snyk] Security upgrade npm from 5.6.0 to 6.10.1 #88
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
openshift/message-board/message-board-web/package.json
openshift/message-board/message-board-web/package-lock.json
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-HAWK-6969142
Release notes
Package name: npm
BUGFIXES
3cbd57712
fix(git): strip GIT environs when running git (@ isaacs)a81a8c4c4
#206 improve isOnly(Dev,Optional) (@ larsgw)172f9aca6
#179 fix-xmas-underline (@ raywu0123)f52673fc7
#212 build: use/usr/bin/env
to load bash (@ rsmarples)DEPENDENCIES
ef4445ad3
#208[email protected]
(@ irega)c0d611356
[email protected]
(@ isaacs)7716ba972
[email protected]
(@ isaacs)42d22e837
[email protected]
(@ isaacs)a2ea7f9ff
[email protected]
(@ isaacs)429226a5e
[email protected]
(@ isaacs)175670ea6
[email protected]
: (@ isaacs)0d0517f7f
[email protected]
(@ isaacs)741400429
[email protected]
(@ isaacs)bddd60e30
[email protected]
(@ isaacs)4acf03fd1
[email protected]
(@ isaacs)c2bd17291
[email protected]
(@ isaacs)7f0221bb1
[email protected]
(@ isaacs)f458fe7dd
[email protected]
(@ isaacs)009752978
[email protected]
(@ isaacs)0fa2bb438
[email protected]
(@ isaacs)b86450929
[email protected]
(@ isaacs)25db00fe9
[email protected]
(@ isaacs)8dfbe8610
[email protected]
(@ isaacs)f6164d5dd
isaacs/chownr#21 isaacs/chownr#20 npm.community#7901 npm.community#8203[email protected]
This fixes an EISDIR error from cacache on Darwin in Node versions prior to 10.6. (@ isaacs)6.10.1-next.2
6.10.1-next.1
6.10.1-next.0
FEATURES
87fef4e35
#176 fix: Always return JSON for outdated --json (@ sreeramjayan)f101d44fc
#203 fix(unpublish): add space after hyphen (@ ffflorian)a4475de4c
#202 enable production flag for npm audit (@ CalebCourier)d192904d0
#178 fix: Return a value forview
when in silent mode (@ stayradiated)39d473adf
#185 Allow git to follow global tagsign config (@ junderw)BUGFIXES
d9238af0b
#201 npm/npm#17858 npm/npm#18042 npm.community#644 do not crash when removing nameless packages (@ SteveVanOpstal and @ isaacs)4bec4f111
#200 Check fornode
(as well asnode.exe
) in npm's local dir on Windows (@ rgoulais)ce93dab2d
#180 npm.community#6187 Fix handling ofremote
deps innpm outdated
(@ larsgw)TESTING
a823f3084
travis: Update to include new v12 LTS (@ isaacs)33e2d1dac
fix flaky debug-logs test (@ isaacs)e9411c6cd
Don't time out waiting for gpg user input (@ isaacs)d2d301704
#195 Add the arm64 check for legacy-platform-all.js test case. (@ ossdev07)a4dc34243
parallel tests (@ isaacs)DOCUMENTATION
f5857e263
#192 Clarify usage of bundledDependencies (@ john-osullivan)747fdaf66
#159 doc: add --audit-level param (@ ngraef)DEPENDENCIES
e36b3c320
[email protected] (@ isaacs)6bb935c09
[email protected] (@ isaacs)e9cd536
Use custom cachingrealpath
implementation, dramatically reducinglstat
calls when reading the package tree (@ isaacs)39538b460
[email protected] (@ isaacs)f8b1552
#38 Ignore errors raised byfs.closeSync
(@ lukeapage)042193069
[email protected] (@ isaacs)8bbd051
#172 limit git retry times, avoid unlimited retries (小秦)92f5e4c
#170 fix(errors): Fix "TypeError: err.code.match is not a function" error (@ jviotti)8bd8e909f
[email protected] (@ isaacs)47de8f5
#146 npm.community#2395 fix(config): Add ssri config 'error' option (@ larsgw)5156561
fix(write): avoid acb never called
situation (@ zkat)90f40f0
#166 #165 docs: Fix docs forpath
property in get.info (@ hdgarrood)bf61c45c6
[email protected] (@ isaacs)f75d46a9d
[email protected] (@ isaacs)c80341a
#215 Fix encoding/decoding of base-256 numbers (@ justfalter)77522f0
#204 #214 Usestat
instead oflstat
when checking CWD (@ stkb)ec6236210
[email protected] (@ isaacs)63d1e3e
#30 Sort package tarball entries by file type for compression benefits (@ isaacs)7fcd045
Ignore.DS_Store
files as well as folders (@ isaacs)68b7c96
Never include .git folders in package root. (Note: this prevents the issue that broke the v6.9.1 release.) (@ isaacs)57bef61bc
update fstream in node-gyp (@ isaacs)acbbf7eee
#183 [email protected] (@ kemitchell)011ae67f0
[email protected] (@ isaacs)f5e884909
[email protected] (@ isaacs)b57d07e35
[email protected] (@ isaacs)FEATURES
87fef4e35
#176 fix: Always return JSON for outdated --json (@ sreeramjayan)f101d44fc
#203 fix(unpublish): add space after hyphen (@ ffflorian)a4475de4c
#202 enable production flag for npm audit (@ CalebCourier)d192904d0
#178 fix: Return a value forview
when in silent mode (@ stayradiated)39d473adf
#185 Allow git to follow global tagsign config (@ junderw)BUGFIXES
d9238af0b
#201 npm/npm#17858 npm/npm#18042 npm.community#644 do not crash when removing nameless packages (@ SteveVanOpstal and @ isaacs)4bec4f111
#200 Check fornode
(as well asnode.exe
) in npm's local dir on Windows (@ rgoulais)ce93dab2d
#180 npm.community#6187 Fix handling ofremote
deps innpm outdated
(@ larsgw)TESTING
a823f3084
travis: Update to include new v12 LTS (@ isaacs)33e2d1dac
fix flaky debug-logs test (@ isaacs)e9411c6cd
Don't time out waiting for gpg user input (@ isaacs)d2d301704
#195 Add the arm64 check for legacy-platform-all.js test case. (@ ossdev07)a4dc34243
parallel tests (@ isaacs)DOCUMENTATION
f5857e263
#192 Clarify usage of bundledDependencies (@ john-osullivan)747fdaf66
#159 doc: add --audit-level param (@ ngraef)DEPENDENCIES
e36b3c320
[email protected] (@ isaacs)6bb935c09
[email protected] (@ isaacs)e9cd536
Use custom cachingrealpath
implementation, dramatically reducinglstat
calls when reading the package tree (@ isaacs)39538b460
[email protected] (@ isaacs)f8b1552
#38 Ignore errors raised byfs.closeSync
(@ lukeapage)042193069
[email protected] (@ isaacs)8bbd051
#172 limit git retry times, avoid unlimited retries (小秦)92f5e4c
#170 fix(errors): Fix "TypeError: err.code.match is not a function" error (@ jviotti)8bd8e909f
[email protected] (@ isaacs)47de8f5
#146 npm.community#2395 fix(config): Add ssri config 'error' option (@ larsgw)5156561
fix(write): avoid acb never called
situation (@ zkat)90f40f0
#166 #165 docs: Fix docs forpath
property in get.info (@ hdgarrood)bf61c45c6
[email protected] (@ isaacs)f75d46a9d
[email protected] (@ isaacs)c80341a
#215 Fix encoding/decoding of base-256 numbers (@ justfalter)77522f0
#204 #214 Usestat
instead oflstat
when checking CWD (@ stkb)ec6236210
[email protected] (@ isaacs)63d1e3e
#30 Sort package tarball entries by file type for compression benefits (@ isaacs)7fcd045
Ignore.DS_Store
files as well as folders (@ isaacs)68b7c96
Never include .git folders in package root. (Note: this prevents the issue that broke the v6.9.1 release.) (@ isaacs)57bef61bc
update fstream in node-gyp (@ isaacs)acbbf7eee
#183 [email protected] (@ kemitchell)011ae67f0
[email protected] (@ isaacs)f5e884909
[email protected] (@ isaacs)b57d07e35
[email protected] (@ isaacs)This release is identical to v6.9.1, but we had to publish a new version due to a .git directory in the release.
v6.9.1 (2019-03-20):
BUGFIXES
6b1a9da0e
#165 UpdateknownBroken
version. (@ ljharb)d07547154
npm.community#5929 Fixoutdated
rendering for global dependencies. (@ zkat)e4a1f1745
npm.community#6259 Fix OTP for token create and remove. (@ zkat)DEPENDENCIES
a163a9c35
[email protected]
(@ aeschright)47b08b3b9
[email protected]
(@ aeschright)d6a956cff
[email protected]
(@ aeschright)10b8bed2b
[email protected]
(@ aeschright)e7483704d
[email protected]
(@ aeschright)3242fe698
[email protected]
(@ aeschright)FEATURES
2ba3a0f67
#90 Time traveling installs using the--before
flag. (@ zkat)b7b54f2d1
#3 Add support for package aliases. This allows packages to be installed under a different directory than the package name listed inpackage.json
, and adds a new dependency type to allow this to be done for registry dependencies. (@ zkat)684bccf06
#146 Always savepackage-lock.json
when using--package-lock-only
. (@ aeschright)b8b8afd40
#139 Make empty-string run-scripts run successfully as a no-op. (@ vlasy)8047b19b1
npm.community#3784 Match git semver ranges when flattening the tree. (@ larsgw)e135c2bb3
npm.community#1725 Re-enable updating local packages. (@ larsgw)BUGFIXES
cf09fbaed
#153 Set modified to undefined innpm view
whentime
is not available. This fixes a bug wherenpm view
would crash on certain third-party registries. (@ simonua)774fc26ee
#154 Print out tar version ininstall.sh
only when the flag is supported not all the tar implementations support --version flag. This allows the install script to work in OpenBSD, for example. (@ agudulin)863baff11
#158 Fix typo in error message fornpm stars
. (@ phihag)a805a95ad
npm.community#4227 Strip version info from pkg on E404. This improves the error messaging format. (@ larsgw)DOCS
5d7633833
#160 Addnpm add
as alias to npm install in docs. (@ ahasall)489c2211c
#162 Fix link to RFC #10 in the changelog. (@ mansona)433020ead
#135 Describe exit codes in npm-audit docs. (@ emilis-tm)DEPENDENCIES
ee6b6746b
zkat/make-fetch-happen#29[email protected]
(@ TooTallNate)2ce23baf5
[email protected]
: Adds support for package aliases (@ zkat)baaedbc6e
[email protected]
: Adds opts.before support (@ zkat)57e771a03
#164[email protected]
(@ kemitchell)2b78288d4
add core to default inclusion tests in pack (@ zkat)9b8b6513f
npm.community#5382[email protected]
: Fixes bug wherecore/
directories were being suddenly excluded. (@ zkat)Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Authentication Bypass