suyeoni / security-strategy-essentials

https://lab.github.com/githubtraining/security-strategy-essentials
MIT License
0 stars 0 forks source link

Bump npm from 6.14.11 to 7.5.6 #47

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps npm from 6.14.11 to 7.5.6.

Release notes

Sourced from npm's releases.

v7.5.6 (2021-02-22

BUG FIXES

DOCS

DEPENDENCIES

  • f3ae6ed0d read-package-json@3.0.1, read-package-json-fast@2.0.2
  • 9b311fe52 #2736 @npmcli/arborist@2.2.4:
    • Do not rely on underscore fields in package.json files
    • Do not remove global packages when updating by name
    • Keep yarn.lock and package-lock.json more in sync

v7.5.5 (2021-02-22)

BUG FIXES

DEPENDENCIES

  • 8c36697df @npmcli/arborist@2.2.3
  • d865b101f libnpmpack@2.0.1
    • respect silent loglevel
  • e606953e5 libnpmversion@1.0.11
    • respect silent loglevel
  • 9c51005a1 npm-package-arg@8.1.1
    • do a better job of detecting git specifiers like git@github.com:npm/cli
  • 8b6bf0db4 pacote@11.2.7
    • respect silent loglevel
    • fix INVALID_URL errors for certain git dependencies

TESTS

DOCUMENTATION

... (truncated)

Changelog

Sourced from npm's changelog.

v7.5.6 (2021-02-22

BUG FIXES

DOCS

DEPENDENCIES

  • f3ae6ed0d read-package-json@3.0.1, read-package-json-fast@2.0.2
  • 9b311fe52 #2736 @npmcli/arborist@2.2.4:
    • Do not rely on underscore fields in package.json files
    • Do not remove global packages when updating by name
    • Keep yarn.lock and package-lock.json more in sync

v7.5.5 (2021-02-22)

BUG FIXES

DEPENDENCIES

... (truncated)

Commits
  • 0c6bb2b 7.5.6
  • 56535d4 update AUTHORS
  • 9924d76 update tests for new @npmcli/arborist behavior
  • cd90669 docs: changelog for 7.5.6
  • 9b311fe @npmcli/arborist@2.2.4
  • f3ae6ed read-package-json@3.0.1, read-package-json-fast@2.0.2
  • 3c72ab4 Capitalize Package in a Heading
  • ad4d12e Move implementation to separate package
  • 773ae3e chore(refactor): clean up lifecycle-cmds
  • 4e58274 Do not print error banner for shell proxy commands
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
dependabot-preview[bot] commented 3 years ago

Superseded by #48.