Bump npm from 6.3.0 to 6.4.0

[dependabot-preview[bot]]

Bumps npm from 6.3.0 to 6.4.0.

Release notes

*Sourced from [npm's releases](https://github.com/npm/cli/releases).* > ## v6.4.0 > ### NEW FEATURES > > * [`6e9f04b0b`](https://github.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7) [npm/cli#8](https://github-redirect.dependabot.com/npm/cli/pull/8) Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking `:_authToken`. ([[**mkhl**](https://github.com/mkhl)](https://github.com/mkhl)) > * [`84bfd23e7`](https://github.com/npm/cli/commit/84bfd23e7d6434d30595594723a6e1976e84b022) [npm/cli#35](https://github-redirect.dependabot.com/npm/cli/pull/35) Stop filtering out non-IPv4 addresses from `local-addrs`, making npm actually use IPv6 addresses when it must. ([[**valentin2105**](https://github.com/valentin2105)](https://github.com/valentin2105)) > * [`792c8c709`](https://github.com/npm/cli/commit/792c8c709dc7a445687aa0c8cba5c50bc4ed83fd) [npm/cli#31](https://github-redirect.dependabot.com/npm/cli/pull/31) configurable audit level for non-zero exit `npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found. Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected. ([[**lennym**](https://github.com/lennym)](https://github.com/lennym)) > > ### BUGFIXES > > * [`d81146181`](https://github.com/npm/cli/commit/d8114618137bb5b9a52a86711bb8dc18bfc8e60c) [npm/cli#32](https://github-redirect.dependabot.com/npm/cli/pull/32) Don't check for updates to npm when we are updating npm itself. ([[**olore**](https://github.com/olore)](https://github.com/olore)) > > ### DEPENDENCY UPDATES > > A very special dependency update event! Since the [release of `node-gyp@3.8.0`](https://github-redirect.dependabot.com/nodejs/node-gyp/pull/1521), an awkward version conflict that was preventing `request` from begin flattened was resolved. This means two things: > > 1. We've cut down the npm tarball size by another 200kb, to 4.6MB > 2. `npm audit` now shows no vulnerabilities for npm itself! > > Thanks, [[**rvagg**](https://github.com/rvagg)](https://github.com/rvagg)! > > * [`866d776c2`](https://github.com/npm/cli/commit/866d776c27f80a71309389aaab42825b2a0916f6) `request@2.87.0` ([[**simov**](https://github.com/simov)](https://github.com/simov)) > * [`f861c2b57`](https://github.com/npm/cli/commit/f861c2b579a9d4feae1653222afcefdd4f0e978f) `node-gyp@3.8.0` ([[**rvagg**](https://github.com/rvagg)](https://github.com/rvagg)) > * [`32e6947c6`](https://github.com/npm/cli/commit/32e6947c60db865257a0ebc2f7e754fedf7a6fc9) [npm/cli#39](https://github-redirect.dependabot.com/npm/cli/pull/39) `colors@1.1.2`: REVERT REVERT, newer versions of this library are broken and print ansi codes even when disabled. ([[**iarna**](https://github.com/iarna)](https://github.com/iarna)) > * [`beb96b92c`](https://github.com/npm/cli/commit/beb96b92caf061611e3faafc7ca10e77084ec335) `libcipm@2.0.1` ([[**zkat**](https://github.com/zkat)](https://github.com/zkat)) > * [`348fc91ad`](https://github.com/npm/cli/commit/348fc91ad223ff91cd7bcf233018ea1d979a2af1) `validate-npm-package-license@3.0.4`: Fixes errors with empty or string-only license fields. ([[**Gudahtt**](https://github.com/Gudahtt)](https://github.com/Gudahtt)) > * [`e57d34575`](https://github.com/npm/cli/commit/e57d3457547ef464828fc6f82ae4750f3e511550) `iferr@1.0.2` ([[**shesek**](https://github.com/shesek)](https://github.com/shesek)) > * [`46f1c6ad4`](https://github.com/npm/cli/commit/46f1c6ad4b2fd5b0d7ec879b76b76a70a3a2595c) `tar@4.4.6` ([[**isaacs**](https://github.com/isaacs)](https://github.com/isaacs)) > * [`50df1bf69`](https://github.com/npm/cli/commit/50df1bf691e205b9f13e0fff0d51a68772c40561) `hosted-git-info@2.7.1` ([[**iarna**](https://github.com/iarna)](https://github.com/iarna)) > ([[**Erveon**](https://github.com/Erveon)](https://github.com/Erveon)) ([[**huochunpeng**](https://github.com/huochunpeng)](https://github.com/huochunpeng)) > > ### DOCUMENTATION > > * [`af98e76ed`](https://github.com/npm/cli/commit/af98e76ed96af780b544962aa575585b3fa17b9a) [npm/cli#34](https://github-redirect.dependabot.com/npm/cli/pull/34) Remove `npm publish` from list of commands not affected by `--dry-run`. ([[**joebowbeer**](https://github.com/joebowbeer)](https://github.com/joebowbeer)) > * [`e2b0f0921`](https://github.com/npm/cli/commit/e2b0f092193c08c00f12a6168ad2bd9d6e16f8ce) [npm/cli#36](https://github-redirect.dependabot.com/npm/cli/pull/36) Tweak formatting in repository field examples. ([[**noahbenham**](https://github.com/noahbenham)](https://github.com/noahbenham)) > * [`e2346e770`](https://github.com/npm/cli/commit/e2346e7702acccefe6d711168c2b0e0e272e194a) [npm/cli#14](https://github-redirect.dependabot.com/npm/cli/pull/14) Used `process.env` examples to make accessing certain `npm run-scripts` environment variables more clear. ([[**mwarger**](https://github.com/mwarger)](https://github.com/mwarger)) > > ## v6.4.0-next.0 > This release became [`npm@6.4.0`](https://github.com/npm/cli/releases/tag/v6.4.0).

Changelog

*Sourced from [npm's changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md).* > ## v6.4.0 (2018-09-08): > > ### NEW FEATURES > > * [`6e9f04b0b`](https://github.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7) > [npm/cli#8](https://github-redirect.dependabot.com/npm/cli/pull/8) > Search for authentication token defined by environment variables by preventing > the translation layer from env variable to npm option from breaking > `:_authToken`. > ([[**mkhl**](https://github.com/mkhl)](https://github.com/mkhl)) > * [`84bfd23e7`](https://github.com/npm/cli/commit/84bfd23e7d6434d30595594723a6e1976e84b022) > [npm/cli#35](https://github-redirect.dependabot.com/npm/cli/pull/35) > Stop filtering out non-IPv4 addresses from `local-addrs`, making npm actually > use IPv6 addresses when it must. > ([[**valentin2105**](https://github.com/valentin2105)](https://github.com/valentin2105)) > * [`792c8c709`](https://github.com/npm/cli/commit/792c8c709dc7a445687aa0c8cba5c50bc4ed83fd) > [npm/cli#31](https://github-redirect.dependabot.com/npm/cli/pull/31) > configurable audit level for non-zero exit > `npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level. > Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found. > Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected. > ([[**lennym**](https://github.com/lennym)](https://github.com/lennym)) > > ### BUGFIXES > > * [`d81146181`](https://github.com/npm/cli/commit/d8114618137bb5b9a52a86711bb8dc18bfc8e60c) > [npm/cli#32](https://github-redirect.dependabot.com/npm/cli/pull/32) > Don't check for updates to npm when we are updating npm itself. > ([[**olore**](https://github.com/olore)](https://github.com/olore)) > > ### DEPENDENCY UPDATES > > A very special dependency update event! Since the [release of > `node-gyp@3.8.0`](https://github-redirect.dependabot.com/nodejs/node-gyp/pull/1521), an awkward > version conflict that was preventing `request` from begin flattened was > resolved. This means two things: > > 1. We've cut down the npm tarball size by another 200kb, to 4.6MB > 2. `npm audit` now shows no vulnerabilities for npm itself! > > Thanks, [[**rvagg**](https://github.com/rvagg)](https://github.com/rvagg)! > > * [`866d776c2`](https://github.com/npm/cli/commit/866d776c27f80a71309389aaab42825b2a0916f6) > `request@2.87.0` > ([[**simov**](https://github.com/simov)](https://github.com/simov)) > * [`f861c2b57`](https://github.com/npm/cli/commit/f861c2b579a9d4feae1653222afcefdd4f0e978f) > `node-gyp@3.8.0` > ([[**rvagg**](https://github.com/rvagg)](https://github.com/rvagg)) > * [`32e6947c6`](https://github.com/npm/cli/commit/32e6947c60db865257a0ebc2f7e754fedf7a6fc9) > [npm/cli#39](https://github-redirect.dependabot.com/npm/cli/pull/39) > ... (truncated)

Commits

- [`58ece89`](https://github.com/npm/cli/commit/58ece8973f43c77b1f4f44ded0f49556ad30eb57) 6.4.0 - [`361226d`](https://github.com/npm/cli/commit/361226dc0e5df9d5f78d75de3ef654a3ebdc9b15) 6.4.0-next.0 - [`214ef61`](https://github.com/npm/cli/commit/214ef61ccd36094ddfcfb9d7015720ff23d973a4) update AUTHORS - [`dbbb75c`](https://github.com/npm/cli/commit/dbbb75c462832941e8dc4c72131491beb957bd95) doc: update changelog for npm@6.4.0 - [`f861c2b`](https://github.com/npm/cli/commit/f861c2b579a9d4feae1653222afcefdd4f0e978f) node-gyp@3.8.0 - [`866d776`](https://github.com/npm/cli/commit/866d776c27f80a71309389aaab42825b2a0916f6) request@2.87.0 - [`50df1bf`](https://github.com/npm/cli/commit/50df1bf691e205b9f13e0fff0d51a68772c40561) hosted-git-info@2.7.1 - [`46f1c6a`](https://github.com/npm/cli/commit/46f1c6ad4b2fd5b0d7ec879b76b76a70a3a2595c) tar@4.4.6 - [`e57d345`](https://github.com/npm/cli/commit/e57d3457547ef464828fc6f82ae4750f3e511550) iferr@1.0.2 - [`348fc91`](https://github.com/npm/cli/commit/348fc91ad223ff91cd7bcf233018ea1d979a2af1) validate-npm-package-license@3.0.4 - Additional commits viewable in [compare view](https://github.com/npm/cli/compare/v6.3.0...v6.4.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

[dependabot-preview[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.