[Snyk] Upgrade npm from 6.4.1 to 6.14.0

[snyk-bot]

Snyk has created this PR to upgrade npm from 6.4.1 to 6.14.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 42 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2020-02-25.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Arbitrary File Write SNYK-JS-NPM-537606	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-NPM-537603	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	No Known Exploit
	Arbitrary File Write SNYK-JS-BINLINKS-537610	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-BINLINKS-537608	Proof of Concept
	Denial of Service (DoS) npm:mem:20180117	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	Unauthorized File Access SNYK-JS-NPM-537604	Proof of Concept
	Unauthorized File Access SNYK-JS-BINLINKS-537609	Proof of Concept

Release notes

Package name: npm

• 6.14.0 - 2020-02-25
  

  6.14.0 (2020-02-25)

  FEATURES

  • 30f170877 #731 add support for multiple funding sources (@ljharb & @ruyadorno)

  BUG FIXES

  • 55916b130 #508 fix: check npm.config before accessing its members (@kaiyoma)
  • 7d0cd65b2 #733 fix: access grant with unscoped packages (@netanelgilad)
  • 28c3d40d6, 0769c5b20 #945, #697 fix: allow new major versions of node to be automatically considered "supported" (@isaacs, @ljharb)

  DEPENDENCIES

  • 6f39e93 [email protected] (@darcyclarke)
    • fix: passwords & usernames are escaped properly in git deps (@stevenhilder)
  • f14b594ee [email protected] (@isaacs)
  • 77044150b [email protected] (@isaacs)
  • 1d112461a [email protected] (@isaacs)
    • ba8b4fe fix: always bypass cache when ?write=true
  • a47fed760 [email protected]
    • 3bbf2d6 fix: babel's "loose mode" class transform enbrittles BufferList (@ljharb)

  DOCUMENTATION

  • 284c1c055, fbb5f0e50 #729 update lifecycle hooks docs
    (@seanhealy, @mikemimik)
  • 1c272832d #787 fix: trademarks typo (@dnicolson)
  • f6ff41776 #936 fix: postinstall example (@ajaymathur)
  • 373224b16 #939 fix: bad links in publish docs (@vit100)

  MISCELLANEOUS

  • 85c79636d #736 add script to update dist-tags (@mikemimik)
• 6.13.7 - 2020-01-28
  

  6.13.7 (2020-01-28)

  BUG FIXES

  • 7dbb91438 #655 Update CI detection cases (@isaacs)

  DEPENDENCIES

  • 0fb1296c7 [email protected] (@mikemimik)
  • c9b69d569 [email protected] (@mikemimik)
  • e8dbaf452 [email protected] (@mikemimik)
    • #613 Fixes bin entry for package
• 6.13.6 - 2020-01-09
  

  6.13.6 (2020-01-09)

  DEPENDENCIES

  • 6dba897a1 [email protected]:
    • d2f4176 fix(git): Do not drop uid/gid when executing in root-owned directory (@isaacs)
• 6.13.5 - 2020-01-09
  

  6.13.5 (2020-01-09)

  BUG FIXES

  • fd0a802ec #550 Fix cache location for npm ci (@zhenyavinogradov)
  • 4b30f3cca #648 fix(version): using 'allow-same-version', git commit --allow-empty and git tag -f (@rhengles)

  TESTING

  • e16f68d30 test(ci): add failing cache config test (@ruyadorno)
  • 3f009fbf2 #659 test: fix bin-overwriting test on Windows (@isaacs)
  • 43ae0791f #601 ci: Allow builds to run even if one fails (@XhmikosR)
  • 4a669bee4 #603 Remove the unused appveyor.yml (@XhmikosR)
  • 9295046ac #600 ci: switch to actions/checkout@v2 (@XhmikosR)

  DOCUMENTATION

  • f2d770ac7 #569 fix netlify publish path config (@claudiahdz)
  • 462cf0983 #627 update gatsby dependencies (@felixonmars)
  • 6fb5dbb72 #532 docs: clarify usage of global prefix (@jgehrcke)
• 6.13.4 - 2019-12-11
  

  6.13.4 (2019-12-11)

  BUGFIXES

  • 320ac9aee npm/bin-links#12 npm/gentle-fs#7 Do not remove global bin/man links inappropriately (@isaacs)

  DEPENDENCIES

  • 52fd21061 [email protected] (@isaacs)
  • d06f5c0b0 [email protected] (@isaacs)
• 6.13.3 - 2019-12-10
  

  6.13.3 (2019-12-09)

  DEPENDENCIES

  • 19ce061a2 [email protected] Properly normalize, sanitize, and verify bin entries in package.json.
  • 59c836aae [email protected]
  • fb4ecd7d2 [email protected]
    • 5f33040 #476 npm/pacote#22 npm/pacote#14 fix: Do not drop perms in git when not root (isaacs, @darcyclarke)
    • 6f229f7 sanitize and normalize package bin field (isaacs)
  • 1743cb339 [email protected]
• 6.13.2 - 2019-12-03
  

  6.13.2 (2019-12-03)

  BUG FIXES

  • 4429645b3 #546 fix docs target typo (@richardlau)
  • 867642942 #142 fix(packageRelativePath): fix 'where' for file deps (@larsgw)
  • d480f2c17 #527 Revert "windows: Add preliminary WSL support for npm and npx" (@craigloewen-msft)
  • e4b97962e #504 remove unnecessary package.json read when reading shrinkwrap (@Lighting-Jack)
  • 1c65d26ac #501 fix(fund): open url for string shorthand (@ruyadorno)
  • ae7afe565 #263 Don't log error message if git tagging is disabled (@woppa684)
  • 4c1b16f6a #182 Warn the user that it is uninstalling npm-install (@Hoidberg)
• 6.13.1 - 2019-11-18
  

  6.13.1 (2019-11-18)

  BUG FIXES

  • 938d6124d #472 fix(fund): support funding string shorthand (@ruyadorno)
  • b49c5535b #471 should not publish tap-snapshot folder (@ruyadorno)
  • 3471d5200 #253 Add preliminary WSL support for npm and npx (@infinnie)
  • 3ef295f23 #486 print quick audit report for human output (@isaacs)

  TESTING

  • dbbf977ac #278 added workflow to trigger and run benchmarks (@mikemimik)
  • b4f5e3825 #457 feat(docs): adding tests and updating docs to reflect changes in registry teams API. (@nomadtechie)
  • 454c7dd60 #456 fix git configs for git 2.23 and above (@isaacs)

  DOCUMENTATION

  • b8c1576a4 30b013ae8 26c1b2ef6 9f943a765 c0346b158 8e09d5ad6 4a2f551ee 87d67258c 5c3b32722 b150eaeff 7555a743c b89423e2f #463 #285 #268 #232 #485 #453 docs cleanup: typos, styling and content (@claudiahdz) (@XhmikosR) (@mugli) (@brettz9) (@mkotsollaris)

  DEPENDENCIES

  • 661d86cd2 [email protected] (@claudiahdz)
• 6.13.0 - 2019-11-05
  

  6.13.0 (2019-11-05)

  NEW FEATURES

  • 4414b06d9 #273 add fund command (@ruyadorno)

  DOCUMENTATION

  • ae4c74d04 #274 migrate existing docs to gatsby (@claudiahdz)
  • 4ff1bb180 #277 updated documentation copy (@oletizi)

  BUG FIXES

  • e4455409f #281 delete ps1 files on package removal (@NoDocCat)
  • cd14d4701 #279 update supported node list to remove v6.0, v6.1, v9.0 - v9.2 (@ljharb)

  DEPENDENCIES

  • a37296b20 [email protected]
  • d3cb3abe8 [email protected]

  TESTING

  • 688cd97be #272 use github actions for CI (@JasonEtco)
  • 9a2d8af84 #240 Clean up some flakiness and inconsistency (@isaacs)
• 6.12.1 - 2019-10-29
  

  6.12.1 (2019-10-29)

  BUG FIXES

  • 6508e833d #269 add node v13 as a supported version (@ljharb)
  • b6588a8f7 #265 Fix regression in lockfile repair for sub-deps (@feelepxyz)
  • d5dfe57a1 #266 resolve circular dependency in pack.js (@addaleax)

  DEPENDENCIES

  • 73678bb59 [email protected]
  • 4b76926e2 [email protected]
  • c691f36a9 [email protected]
  • 5e1a14975 [email protected]
  • c194482d6 [email protected]
  • bc6a8e0ec [email protected]
  • 4dcca3cbb [email protected]
• 6.12.0 - 2019-10-08
• 6.12.0-next.0 - 2019-09-26
• 6.11.3 - 2019-09-03
• 6.11.2 - 2019-08-22
• 6.11.1 - 2019-08-21
• 6.11.0 - 2019-08-20
• 6.10.3 - 2019-08-06
• 6.10.2 - 2019-07-23
• 6.10.2-next.3 - 2019-07-22
• 6.10.2-next.2 - 2019-07-21
• 6.10.2-next.1 - 2019-07-17
• 6.10.2-next.0 - 2019-07-16
• 6.10.1 - 2019-07-11
• 6.10.1-next.2 - 2019-07-10
• 6.10.1-next.1 - 2019-07-03
• 6.10.1-next.0 - 2019-07-03
• 6.10.0 - 2019-07-03
• 6.10.0-next.0 - 2019-07-01
• 6.9.2 - 2019-06-27
• 6.9.1-next.0 - 2019-03-20
• 6.9.0 - 2019-03-06
• 6.9.0-next.0 - 2019-02-21
• 6.8.0 - 2019-02-13
• 6.8.0-next.2 - 2019-02-07
• 6.8.0-next.1 - 2019-02-06
• 6.8.0-next.0 - 2019-01-31
• 6.7.0 - 2019-01-23
• 6.6.0 - 2019-01-17
• 6.6.0-next.1 - 2019-01-10
• 6.6.0-next.0 - 2018-12-12
• 6.5.0 - 2018-12-10
• 6.5.0-next.0 - 2018-11-28
• 6.4.1 - 2018-08-29

from npm GitHub release notes

Commit messages

Package name: npm

• 83293c4 6.14.0
• e01f338 update AUTHORS
• 31ca3a8 docs: changelog for 6.14.0
• 7602146 [email protected]
• 3d48893 [email protected]
• ea0ff56 [email protected]
• 89ce4cc [email protected]
• a6789b1 [email protected]
• d383adb fix: supported version implementation update linting & test coverage
• 28c3d40 Use a package.json engines field to specify support
• 0769c5b allow new majors of node to be automatically considered supported
• 30f1708 fund: support multiple funding sources
• 373224b Update npm-publish.md
• f6ff417 updated script to say postinstall to show intention
• 1c27283 Correct typo
• 85c7963 feat: added script to update dist-tags
• 7d0cd65 access: grant is ok with non-scoped
• 284c1c0 docs: updated scripts docs in using-npm section
• fbb5f0e First take on breaking out the lifecycle hooks.
• 55916b1 fix: check `npm.config` before accessing its members
• f533d61 6.13.7
• 5897df4 update AUTHORS
• dcafdd9 updated changelog for [email protected]
• 0fb1296 [email protected]

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[ghost]

Congratulations 🍻. DeepCode analyzed your code in 0.380 seconds and we found no issues. Enjoy a moment of no bugs ☀️.

💬 This comment has been generated by the DeepCode bot, installed by the owner of the repository. The DeepCode bot protects your repository by detecting and commenting on security vulnerabilities or other critical issues.

---

☺️ If you want to provide feedback on our bot, here is how to contact us.