chore(deps): update dependency npm to 8.11.0 [security] - autoclosed

[renovate[bot]]

This PR contains the following updates:

Package	Change
npm	8.9.0 -> 8.11.0

GitHub Vulnerability Alerts

CVE-2022-29244

Impact

npm pack ignores root-level .gitignore & .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. --workspaces, --workspace=<name>). Anyone who has run npm pack or npm publish with workspaces, as of v7.9.0 & v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include.

Patch

• Upgrade to the latest, patched version of npm (v8.11.0 or greater), run: npm i -g npm@latest
• Node.js versions v16.15.1, v17.19.1 & v18.3.0 include the patched v8.11.0 version of npm

Steps to take to see if you're impacted

1. Run npm publish --dry-run or npm pack with an npm version >=7.9.0 & <8.11.0 inside the project's root directory using a workspace flag like: --workspaces or --workspace=<name> (ex. npm pack --workspace=foo)
2. Check the output in your terminal which will list the package contents (note: tar -tvf <package-on-disk> also works)
3. If you find that there are files included you did not expect, you should: 3.1. Create & publish a new release excluding those files (ref. "Keeping files out of your Package") 3.2. Deprecate the old package (ex. npm deprecate <pkg>[@&#8203;<version>] <message>) 3.3. Revoke or rotate any sensitive information (ex. passwords, tokens, secrets etc.) which might have been exposed

References

• CVE-2022-29244
• npm-packlist
• libnpmpack
• libnpmpublish

---

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov-commenter]

Codecov Report

Patch and project coverage have no change.

Comparison is base (2ad2a34) 99.42% compared to head (363a2cc) 99.42%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #496 +/- ## ======================================= Coverage 99.42% 99.42% ======================================= Files 36 36 Lines 2257 2257 Branches 192 192 ======================================= Hits 2244 2244 Misses 11 11 Partials 2 2 ``` Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=ScaleLeap). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=ScaleLeap)

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.

[renovate[bot]]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

error pulling image configuration: Get https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/69/69ca011a2f50799c003e669d5322bf67dc50b0b53f6a734da7b20854793efd13/data?verify=1655741347-2pGgQWOgHxYTXZttJ3Jso9B3XcM%3D: dial tcp: lookup production.cloudflare.docker.com: Temporary failure in name resolution