bosonprotocol / reference-backend

[DEPRECATED] An example backend application for Boson Protocol
GNU Lesser General Public License v3.0

[Snyk] Upgrade npm from 7.6.3 to 7.24.2 #176

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade npm from 7.6.3 to 7.24.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Arbitrary File Write (SNYK-JS-TAR-1579155) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-TAR-1579152) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-TAR-1579147) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Overwrite (SNYK-JS-TAR-1536531) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Overwrite (SNYK-JS-TAR-1536528) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-NPMCLIARBORIST-1579181) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-NPMCLIARBORIST-1579165) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Command Injection (SNYK-JS-NPMCLIGIT-1536784) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-TAR-1536758) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: npm
  • 7.24.2 - 2021-10-04

    v7.24.2 (2021-10-04)

    BUG FIXES

    DEPENDENCIES

    • 69ab10bbf is-core-module@2.7.0
    • e94ddeaca @npmcli/arborist@2.9.0:
      • fix: avoid infinite loops in peer dep replacements
      • fix: use Intl.Collator for string sorting when available
      • feat(vuln): expose isDirect

    DOCUMENTATION

  • 7.24.1 - 2021-09-23

    v7.24.1 (2021-09-23)

    DEPENDENCIES

    • 1be8d41e6 socks-proxy-agent@6.1.0:
      • feat: allow passing tls connection options
    • eafd55eae glob@7.2.0

    DOCS

  • 7.24.0 - 2021-09-16

    v7.24.0 (2021-09-16)

    FEATURES

    BUG FIXES

    DEPENDENCIES

    • ac8e4ad18 init-package-json@2.0.5:
      • fix: bin script path
    • 371655a6b minipass@3.1.5:
      • fix: re-emit 'error' event if missed and new listener added
      • fix: do not blow up if process is missing

    DOCUMENTATION

  • 7.23.0 - 2021-09-09

    v7.23.0 (2021-09-09)

    FEATURES

    BUG FIXES

    DOCUMENTATION

  • 7.22.0 - 2021-09-02

    v7.22.0 (2021-09-02)

    BUG FIXES

    DEPENDENCIES

    • 033e948c9 read-package-json@4.1.1:
      • feat: add types lookup
      • fix(man): don't lose relative man path
    • 1fa549db0 @npmcli/config@2.3.0:
      • feat: export npm_config_local_prefix and npm_config_global_prefix to the environment
    • e91578d10 minpass-fetch@1.4.1:
      • Made rejectUnauthorized depend on NODE_TLS_REJECT_UNAUTHORIZED
    • 6125db545 are-we-there-yet@1.1.6
    • 0dcda73b0 string_decoder@1.3.0
    • 4b913417c npmlog@5.0.1
    • 876c755eb @npmcli/arborist@2.8.3:
      • fix: do not fail adding unresolvable optional dep
  • 7.21.1 - 2021-08-26

    v7.21.1 (2021-08-26)

    BUG FIXES

    DEPENDENCIES

    • e3878536f make-fetch-happen@9.1.0:
      • fix: use the same strictSSL default as tls.connect
    • 145f70cc1 read-package-json@4.0.1:
      • fix: Add gitHead in subdirectories too
      • fix(man): don't resolve paths to man files
    • 3f4d37143 tar@6.1.11:
      • fix: perf regression on hot string munging path
    • e63a942c6 cacache@15.3.0:
      • feat: introduce @npmcli/fs for tmp dir methods

    DOCUMENTATION

  • 7.21.0 - 2021-08-19
  • 7.20.6 - 2021-08-12
  • 7.20.5 - 2021-08-05
  • 7.20.4 - 2021-08-05
  • 7.20.3 - 2021-07-29
  • 7.20.2 - 2021-07-27
  • 7.20.1 - 2021-07-22
  • 7.20.0 - 2021-07-15
  • 7.19.1 - 2021-07-01
  • 7.19.0 - 2021-06-24
  • 7.18.1 - 2021-06-17
  • 7.18.0 - 2021-06-17
  • 7.17.0 - 2021-06-10
  • 7.16.0 - 2021-06-03
  • 7.15.1 - 2021-05-31
  • 7.15.0 - 2021-05-27
  • 7.14.0 - 2021-05-20
  • 7.13.0 - 2021-05-13
  • 7.12.1 - 2021-05-10
  • 7.12.0 - 2021-05-06
  • 7.11.2 - 2021-04-29
  • 7.11.1 - 2021-04-23
  • 7.11.0 - 2021-04-23
  • 7.10.0 - 2021-04-15
  • 7.9.0 - 2021-04-08
  • 7.8.0 - 2021-04-01
  • 7.7.6 - 2021-03-29
  • 7.7.5 - 2021-03-25
  • 7.7.4 - 2021-03-24
  • 7.7.3 - 2021-03-24
  • 7.7.2 - 2021-03-24
  • 7.7.1 - 2021-03-24
  • 7.7.0 - 2021-03-23
  • 7.6.3 - 2021-03-11
from npm GitHub release notes
Commit messages
Package name: npm
  • 04eb43f 7.24.2
  • a84c00f update AUTHORS
  • 6ef5ab1 docs: changelog for v7.24.2
  • 8171c50 chore: fix bundleDependencies in package-lock
  • 60715e3 chore: fix bundleDependencies
  • 827494c Revert "deps: arborist@2.10.0"
  • d7d5dd6 Revert "feat(workspaces): --include-workspace-root"
  • f17dfa0 feat(workspaces): --include-workspace-root
  • 8349c3c deps: arborist@2.10.0
  • bb0b2da fix(docs): add note about workspace script order
  • f425950 docs: remove npm Enterprise from documentation
  • dbb90f7 fix: use Intl.Collator for string sorting when available
  • e94ddea deps: @npmcli/arborist@2.9.0
  • 075fe50 fix: restore exit code on "npm outdated"
  • 56d6cfd fix: encode url before opening
  • 69ab10b deps: is-core-module@2.7.0
  • 6ae8cbe 7.24.1
  • 6b996e5 update AUTHORS
  • 7b041e9 docs: changelog for v7.24.1
  • 1be8d41 deps: socks-proxy-agent@6.1.0
  • dae5ce3 docs: document special meaning of registry.npmjs.com
  • 6535dd9 chore: correct a typo in lib/deprecate.js
  • eafd55e deps: glob@7.2.0
  • 2c74190 7.24.0

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
