[Snyk] Upgrade pacote from 12.0.3 to 17.0.6

[jj-crypto]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade pacote from 12.0.3 to 17.0.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 44 versions ahead of your current version.
• The recommended version was released 3 months ago, on 2024-01-17.

Release notes

Package name: pacote

• 17.0.6 - 2024-01-17
  

  17.0.6 (2024-01-16)

  Dependencies

  • 0a5920f #343 bump sigstore from 2.0.0 to 2.2.0 (#343) (@ bdehamer)

  Chores

  • 6fd23ad #342 postinstall for dependabot template-oss PR (@ lukekarrys)
  • c3b398a #342 bump @ npmcli/template-oss from 4.21.1 to 4.21.3 (@ dependabot[bot])
  • 4557919 #337 postinstall for dependabot template-oss PR (@ lukekarrys)
  • c7e293c #337 bump @ npmcli/template-oss from 4.19.0 to 4.21.1 (@ dependabot[bot])
• 17.0.5 - 2023-12-01
  

  17.0.5 (2023-12-01)

  Bug Fixes

  • 0c96b9e #338 bug to support rotated keys in signature/attestation audit (#338) (@ feelepxyz)
• 17.0.4 - 2023-08-30
  

  17.0.4 (2023-08-30)

  Dependencies

  • ba8f790 #309 bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
  • 2c0d3ae #308 bump @ npmcli/run-script from 6.0.2 to 7.0.0
• 17.0.3 - 2023-08-24
  

  17.0.3 (2023-08-24)

  Dependencies

  • ace7c28 #305 bump npm-packlist from 7.0.4 to 8.0.0
• 17.0.2 - 2023-08-18
  

  17.0.2 (2023-08-18)

  Dependencies

  • c3b892d #303 bump sigstore from 1.3.0 to 2.0.0
• 17.0.1 - 2023-08-15
  

  17.0.1 (2023-08-15)

  Dependencies

  • 6ddae13 #302 bump npm-registry-fetch from 15.0.0 to 16.0.0
  • 42bf787 #300 bump npm-pick-manifest from 8.0.2 to 9.0.0
• 17.0.0 - 2023-08-15
  

  17.0.0 (2023-08-15)

  ⚠️ BREAKING CHANGES

  • support for node <=16.13 has been removed

  Bug Fixes

  • 2db2fb5 #296 drop node 16.13.x support (@ lukekarrys)

  Dependencies

  • e9e964b #299 bump read-package-json from 6.0.4 to 7.0.0
  • 5d26500 #298 bump npm-package-arg from 10.1.0 to 11.0.0
  • d13bb9c #294 bump @ npmcli/git from 4.1.0 to 5.0.0
  • 7a25e39 #293 bump cacache from 17.1.4 to 18.0.0
• 16.0.0 - 2023-08-11
  

  16.0.0 (2023-07-28)

  ⚠️ BREAKING CHANGES

  • the underlying fetch module now uses @ npmcli/agent. Backwards compatibility should be fully implemented but due to the scope of this change it was made a breaking change out of an abundance of caution.
  • support for node 14 has been removed

  Bug Fixes

  • 73b6297 #290 drop node14 support (#290) (@ wraithgar)

  Dependencies

  • 8dc6a32 bump minipass from 5.0.0 to 7.0.2
  • 7cebf19 bump npm-registry-fetch from 14.0.5 to 15.0.0
• 15.2.0 - 2023-05-18
  

  15.2.0 (2023-05-03)

  Features

  • 3307ad9 #278 configurable TUF cache dir (#278) (@ bdehamer)
• 15.1.3 - 2023-04-27
  

  15.1.3 (2023-04-27)

  Dependencies

  • c99db13 #271 bump minipass from 4.2.7 to 5.0.0 (#271)
• 15.1.2 - 2023-04-20
• 15.1.1 - 2023-02-21
• 15.1.0 - 2023-02-13
• 15.0.8 - 2022-12-15
• 15.0.7 - 2022-12-07
• 15.0.6 - 2022-11-02
• 15.0.5 - 2022-11-01
• 15.0.4 - 2022-10-26
• 15.0.3 - 2022-10-19
• 15.0.2 - 2022-10-18
• 15.0.1 - 2022-10-17
• 15.0.0 - 2022-10-13
• 14.0.0 - 2022-10-05
• 14.0.0-pre.3 - 2022-09-28
• 14.0.0-pre.2 - 2022-09-27
• 14.0.0-pre.1 - 2022-09-23
• 14.0.0-pre.0 - 2022-09-21
• 13.6.2 - 2022-08-16
• 13.6.1 - 2022-06-21
• 13.6.0 - 2022-06-01
• 13.5.0 - 2022-05-25
• 13.4.1 - 2022-05-19
• 13.4.0 - 2022-05-17
• 13.3.0 - 2022-05-04
• 13.2.0 - 2022-05-02
• 13.1.1 - 2022-04-06
• 13.1.0 - 2022-04-05
• 13.0.6 - 2022-04-05
• 13.0.5 - 2022-03-15
• 13.0.4 - 2022-03-14
• 13.0.3 - 2022-02-24
• 13.0.2 - 2022-02-16
• 13.0.1 - 2022-02-16
• 13.0.0 - 2022-02-15
• 12.0.3 - 2022-01-25

from pacote GitHub release notes

Commit messages

Package name: pacote

• e11d4fd chore: release 17.0.6 (test-vm-timeout fails on Ubuntu 10.04 nodejs/node#341)
• 0a5920f deps: bump sigstore from 2.0.0 to 2.2.0 (deps: make node-gyp fetch tarballs from iojs.org nodejs/node#343)
• 6fd23ad chore: postinstall for dependabot template-oss PR
• c3b398a chore: bump @ npmcli/template-oss from 4.21.1 to 4.21.3
• 4557919 chore: postinstall for dependabot template-oss PR
• c7e293c chore: bump @ npmcli/template-oss from 4.19.0 to 4.21.1
• 0683035 chore: release 17.0.5
• a06a459 chore: fix tests for zlib differences between node versions (test-debug-signal-cluster fails on centos7 nodejs/node#340)
• 0c96b9e fix: bug to support rotated keys in signature/attestation audit (Update README.md - capitalization of "io.js" nodejs/node#338)
• 9e9e187 chore: bump @ npmcli/arborist from 6.3.0 to 7.1.0
• aba301f chore: postinstall for dependabot template-oss PR
• 4598c3c chore: bump @ npmcli/template-oss from 4.18.1 to 4.19.0
• a07758b chore: postinstall for dependabot template-oss PR
• 7a6dff9 chore: bump @ npmcli/template-oss from 4.18.0 to 4.18.1
• 18e760f chore: release 17.0.4
• ba8f790 deps: bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
• 2c0d3ae deps: bump @ npmcli/run-script from 6.0.2 to 7.0.0
• 7aa2062 chore: release 17.0.3
• ace7c28 deps: bump npm-packlist from 7.0.4 to 8.0.0
• f1efd0c chore: release 17.0.2
• c3b892d deps: bump sigstore from 1.3.0 to 2.0.0
• c75d7d5 chore: release 17.0.1
• 6ddae13 deps: bump npm-registry-fetch from 15.0.0 to 16.0.0
• 42bf787 deps: bump npm-pick-manifest from 8.0.2 to 9.0.0

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs