[Snyk] Security upgrade npm from 5.6.0 to 6.10.1#88
Open
Conversation
…ft/message-board/message-board-web/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HAWK-6969142
Owner
Author
🎉 Snyk hasn't found any issues so far.✅ code/snyk check is completed. No issues were found. (View Details) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
openshift/message-board/message-board-web/package.jsonopenshift/message-board/message-board-web/package-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-HAWK-6969142
Release notes
Package name: npm
-
6.10.1 - 2019-07-11
-
6.10.1-next.2 - 2019-07-10
-
6.10.1-next.1 - 2019-07-03
-
6.10.1-next.0 - 2019-07-03
-
6.10.0 - 2019-07-03
- Addresses security advisory #886
-
6.10.0-next.0 - 2019-07-01
- Addresses security advisory #886
-
6.9.2 - 2019-06-27
-
6.9.1-next.0 - 2019-03-20
-
6.9.0 - 2019-03-06
-
6.9.0-next.0 - 2019-02-21
-
6.8.0 - 2019-02-13
-
6.8.0-next.2 - 2019-02-07
-
6.8.0-next.1 - 2019-02-06
-
6.8.0-next.0 - 2019-01-31
-
6.7.0 - 2019-01-23
-
6.6.0 - 2019-01-17
-
6.6.0-next.1 - 2019-01-10
-
6.6.0-next.0 - 2018-12-12
-
6.5.0 - 2018-12-10
-
6.5.0-next.0 - 2018-11-28
-
6.4.1 - 2018-08-29
-
6.4.1-next.0 - 2018-08-23
-
6.4.0 - 2018-08-15
-
6.4.0-next.0 - 2018-08-09
-
6.3.0 - 2018-08-02
-
6.3.0-next.0 - 2018-07-25
-
6.2.0 - 2018-07-14
-
6.2.0-next.1 - 2018-07-05
-
6.2.0-next.0 - 2018-06-29
-
6.1.0 - 2018-05-24
-
6.1.0-next.0 - 2018-05-17
-
6.0.1 - 2018-05-10
-
6.0.1-next.0 - 2018-05-04
-
6.0.0 - 2018-04-24
-
6.0.0-next.2 - 2018-04-21
-
6.0.0-next.1 - 2018-04-13
-
6.0.0-next.0 - 2018-03-23
-
5.10.0 - 2018-05-11
-
5.10.0-next.1 - 2018-05-07
-
5.10.0-next.0 - 2018-04-13
-
5.9.0-next.0 - 2018-03-23
-
5.8.0 - 2018-03-23
-
5.8.0-next.0 - 2018-03-13
-
5.7.1 - 2018-02-22
-
5.7.0 - 2018-02-21
-
5.6.0 - 2017-11-28
from npm GitHub release notesBUGFIXES
3cbd57712fix(git): strip GIT environs when running git (@ isaacs)a81a8c4c4#206 improve isOnly(Dev,Optional) (@ larsgw)172f9aca6#179 fix-xmas-underline (@ raywu0123)f52673fc7#212 build: use/usr/bin/envto load bash (@ rsmarples)DEPENDENCIES
ef4445ad3#208node-gyp@5.0.2(@ irega)c0d611356npm-lifecycle@3.0.0(@ isaacs)7716ba972libcipm@4.0.0(@ isaacs)42d22e837libnpm@3.0.0(@ isaacs)a2ea7f9ffsemver@5.7.0(@ isaacs)429226a5elru-cache@5.1.1(@ isaacs)175670ea6npm-registry-fetch@3.9.1: (@ isaacs)0d0517f7fcall-limit@1.1.1(@ isaacs)741400429glob@7.1.4(@ isaacs)bddd60e30inherits@2.0.4(@ isaacs)4acf03fd1libnpmsearch@2.0.1(@ isaacs)c2bd17291marked@0.6.3(@ isaacs)7f0221bb1marked-man@0.6.0(@ isaacs)f458fe7ddnpm-lifecycle@2.1.1(@ isaacs)009752978node-gyp@4.0.0(@ isaacs)0fa2bb438query-string@6.8.1(@ isaacs)b86450929tar-stream@2.1.0(@ isaacs)25db00fe9worker-farm@1.7.0(@ isaacs)8dfbe8610readable-stream@3.4.0(@ isaacs)f6164d5ddisaacs/chownr#21 isaacs/chownr#20 npm.community#7901 npm.community#8203chownr@1.1.2This fixes an EISDIR error from cacache on Darwin in Node versions prior to 10.6. (@ isaacs)6.10.1-next.2
6.10.1-next.1
6.10.1-next.0
FEATURES
87fef4e35#176 fix: Always return JSON for outdated --json (@ sreeramjayan)f101d44fc#203 fix(unpublish): add space after hyphen (@ ffflorian)a4475de4c#202 enable production flag for npm audit (@ CalebCourier)d192904d0#178 fix: Return a value forviewwhen in silent mode (@ stayradiated)39d473adf#185 Allow git to follow global tagsign config (@ junderw)BUGFIXES
d9238af0b#201 npm/npm#17858 npm/npm#18042 npm.community#644 do not crash when removing nameless packages (@ SteveVanOpstal and @ isaacs)4bec4f111#200 Check fornode(as well asnode.exe) in npm's local dir on Windows (@ rgoulais)ce93dab2d#180 npm.community#6187 Fix handling ofremotedeps innpm outdated(@ larsgw)TESTING
a823f3084travis: Update to include new v12 LTS (@ isaacs)33e2d1dacfix flaky debug-logs test (@ isaacs)e9411c6cdDon't time out waiting for gpg user input (@ isaacs)d2d301704#195 Add the arm64 check for legacy-platform-all.js test case. (@ ossdev07)a4dc34243parallel tests (@ isaacs)DOCUMENTATION
f5857e263#192 Clarify usage of bundledDependencies (@ john-osullivan)747fdaf66#159 doc: add --audit-level param (@ ngraef)DEPENDENCIES
e36b3c320graceful-fs@4.2.0 (@ isaacs)6bb935c09read-package-tree@5.3.1 (@ isaacs)e9cd536Use custom cachingrealpathimplementation, dramatically reducinglstatcalls when reading the package tree (@ isaacs)39538b460write-file-atomic@2.4.3 (@ isaacs)f8b1552#38 Ignore errors raised byfs.closeSync(@ lukeapage)042193069pacote@9.5.1 (@ isaacs)8bbd051#172 limit git retry times, avoid unlimited retries (小秦)92f5e4c#170 fix(errors): Fix "TypeError: err.code.match is not a function" error (@ jviotti)8bd8e909fcacache@11.3.3 (@ isaacs)47de8f5#146 npm.community#2395 fix(config): Add ssri config 'error' option (@ larsgw)5156561fix(write): avoid acb never calledsituation (@ zkat)90f40f0#166 #165 docs: Fix docs forpathproperty in get.info (@ hdgarrood)bf61c45c6bluebird@3.5.5 (@ isaacs)f75d46a9dtar@4.4.10 (@ isaacs)c80341a#215 Fix encoding/decoding of base-256 numbers (@ justfalter)77522f0#204 #214 Usestatinstead oflstatwhen checking CWD (@ stkb)ec6236210npm-packlist@1.4.4 (@ isaacs)63d1e3e#30 Sort package tarball entries by file type for compression benefits (@ isaacs)7fcd045Ignore.DS_Storefiles as well as folders (@ isaacs)68b7c96Never include .git folders in package root. (Note: this prevents the issue that broke the v6.9.1 release.) (@ isaacs)57bef61bcupdate fstream in node-gyp (@ isaacs)acbbf7eee#183 licensee@7.0.2 (@ kemitchell)011ae67f0readable-stream@3.3.0 (@ isaacs)f5e884909npm-registry-mock@1.2.1 (@ isaacs)b57d07e35npm-registry-couchapp@2.7.2 (@ isaacs)FEATURES
87fef4e35#176 fix: Always return JSON for outdated --json (@ sreeramjayan)f101d44fc#203 fix(unpublish): add space after hyphen (@ ffflorian)a4475de4c#202 enable production flag for npm audit (@ CalebCourier)d192904d0#178 fix: Return a value forviewwhen in silent mode (@ stayradiated)39d473adf#185 Allow git to follow global tagsign config (@ junderw)BUGFIXES
d9238af0b#201 npm/npm#17858 npm/npm#18042 npm.community#644 do not crash when removing nameless packages (@ SteveVanOpstal and @ isaacs)4bec4f111#200 Check fornode(as well asnode.exe) in npm's local dir on Windows (@ rgoulais)ce93dab2d#180 npm.community#6187 Fix handling ofremotedeps innpm outdated(@ larsgw)TESTING
a823f3084travis: Update to include new v12 LTS (@ isaacs)33e2d1dacfix flaky debug-logs test (@ isaacs)e9411c6cdDon't time out waiting for gpg user input (@ isaacs)d2d301704#195 Add the arm64 check for legacy-platform-all.js test case. (@ ossdev07)a4dc34243parallel tests (@ isaacs)DOCUMENTATION
f5857e263#192 Clarify usage of bundledDependencies (@ john-osullivan)747fdaf66#159 doc: add --audit-level param (@ ngraef)DEPENDENCIES
e36b3c320graceful-fs@4.2.0 (@ isaacs)6bb935c09read-package-tree@5.3.1 (@ isaacs)e9cd536Use custom cachingrealpathimplementation, dramatically reducinglstatcalls when reading the package tree (@ isaacs)39538b460write-file-atomic@2.4.3 (@ isaacs)f8b1552#38 Ignore errors raised byfs.closeSync(@ lukeapage)042193069pacote@9.5.1 (@ isaacs)8bbd051#172 limit git retry times, avoid unlimited retries (小秦)92f5e4c#170 fix(errors): Fix "TypeError: err.code.match is not a function" error (@ jviotti)8bd8e909fcacache@11.3.3 (@ isaacs)47de8f5#146 npm.community#2395 fix(config): Add ssri config 'error' option (@ larsgw)5156561fix(write): avoid acb never calledsituation (@ zkat)90f40f0#166 #165 docs: Fix docs forpathproperty in get.info (@ hdgarrood)bf61c45c6bluebird@3.5.5 (@ isaacs)f75d46a9dtar@4.4.10 (@ isaacs)c80341a#215 Fix encoding/decoding of base-256 numbers (@ justfalter)77522f0#204 #214 Usestatinstead oflstatwhen checking CWD (@ stkb)ec6236210npm-packlist@1.4.4 (@ isaacs)63d1e3e#30 Sort package tarball entries by file type for compression benefits (@ isaacs)7fcd045Ignore.DS_Storefiles as well as folders (@ isaacs)68b7c96Never include .git folders in package root. (Note: this prevents the issue that broke the v6.9.1 release.) (@ isaacs)57bef61bcupdate fstream in node-gyp (@ isaacs)acbbf7eee#183 licensee@7.0.2 (@ kemitchell)011ae67f0readable-stream@3.3.0 (@ isaacs)f5e884909npm-registry-mock@1.2.1 (@ isaacs)b57d07e35npm-registry-couchapp@2.7.2 (@ isaacs)This release is identical to v6.9.1, but we had to publish a new version due to a .git directory in the release.
v6.9.1 (2019-03-20):
BUGFIXES
6b1a9da0e#165 UpdateknownBrokenversion. (@ ljharb)d07547154npm.community#5929 Fixoutdatedrendering for global dependencies. (@ zkat)e4a1f1745npm.community#6259 Fix OTP for token create and remove. (@ zkat)DEPENDENCIES
a163a9c35sha@3.0.0(@ aeschright)47b08b3b9query-string@6.4.0(@ aeschright)d6a956cffreadable-stream@3.2.0(@ aeschright)10b8bed2btacks@1.3.0(@ aeschright)e7483704dtap@12.6.0(@ aeschright)3242fe698tar-stream@2.0.1(@ aeschright)FEATURES
2ba3a0f67#90 Time traveling installs using the--beforeflag. (@ zkat)b7b54f2d1#3 Add support for package aliases. This allows packages to be installed under a different directory than the package name listed inpackage.json, and adds a new dependency type to allow this to be done for registry dependencies. (@ zkat)684bccf06#146 Always savepackage-lock.jsonwhen using--package-lock-only. (@ aeschright)b8b8afd40#139 Make empty-string run-scripts run successfully as a no-op. (@ vlasy)8047b19b1npm.community#3784 Match git semver ranges when flattening the tree. (@ larsgw)e135c2bb3npm.community#1725 Re-enable updating local packages. (@ larsgw)BUGFIXES
cf09fbaed#153 Set modified to undefined innpm viewwhentimeis not available. This fixes a bug wherenpm viewwould crash on certain third-party registries. (@ simonua)774fc26ee#154 Print out tar version ininstall.shonly when the flag is supported not all the tar implementations support --version flag. This allows the install script to work in OpenBSD, for example. (@ agudulin)863baff11#158 Fix typo in error message fornpm stars. (@ phihag)a805a95adnpm.community#4227 Strip version info from pkg on E404. This improves the error messaging format. (@ larsgw)DOCS
5d7633833#160 Addnpm addas alias to npm install in docs. (@ ahasall)489c2211c#162 Fix link to RFC #10 in the changelog. (@ mansona)433020ead#135 Describe exit codes in npm-audit docs. (@ emilis-tm)DEPENDENCIES
ee6b6746bzkat/make-fetch-happen#29agent-base@4.2.1(@ TooTallNate)2ce23baf5lock-verify@2.1.0: Adds support for package aliases (@ zkat)baaedbc6epacote@9.5.0: Adds opts.before support (@ zkat)57e771a03#164licensee@6.1.0(@ kemitchell)2b78288d4add core to default inclusion tests in pack (@ zkat)9b8b6513fnpm.community#5382npm-packlist@1.4.1: Fixes bug wherecore/directories were being suddenly excluded. (@ zkat)Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Authentication Bypass