[Snyk] Upgrade npm from 6.4.1 to 6.11.1 #4
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk have raised this PR to upgrade
npm
from 6.4.1 to 6.11.1.The recommended version fixes:
Release notes
6.11.1 (2019-08-20):
Fix a regression for windows command shim syntax.
37db29647
cmd-shim@3.0.2
(@isaacs)v6.11.0 (2019-08-20):
A few meaty bugfixes, and introducing
peerDependenciesMeta
.FEATURES
a12341088
#224 Implements peerDependenciesMeta (@arcanis)2f3b79bba
#234 add new forbidden 403 error code (@claudiahdz)BUGFIXES
24acc9fc8
and45772af0d
#217 npm.community#8863 npm.community#9327 do not descend into directory deps' child modules, fix shrinkwrap files that inappropriately list child nodes of symlink packages (@isaacs and @salomvary)50cfe113d
#229 fixed typo in semver doc (@gall0ws)e8fb2a1bd
#231 Fix spelling mistakes in CHANGELOG-3.md (@XhmikosR)769d2e057
npm/uid-number#7 Better error on invalid--user
/--group
configs. This addresses the issue when people fail to install binary packages on Docker and other environments where there is no 'nobody' user. (@isaacs)8b43c9624
nodejs/node#28987 npm.community#6032 npm.community#6658 npm.community#6069 npm.community#9323 Fix the regression where random config values in a .npmrc file are not passed to lifecycle scripts, breaking build processes which rely on them. (@isaacs)8b85eaa47
save files with inferred ownership rather than relying onSUDO_UID
andSUDO_GID
. (@isaacs)b7f6e5f02
Infer ownership of shrinkwrap files (@isaacs)54b095d77
#235 Add spec to dist-tag remove function (@theberbie)DEPENDENCIES
dc8f9e52f
pacote@9.5.7
: Infer the ownership of all unpacked files innode_modules
, so that we never have user-owned files in root-owned folders, or root-owned files in user-owned folders. (@isaacs)bb33940c3
cmd-shim@3.0.0
:9c93ac3
#2 npm#3380 Handle environment variables properly (@basbossink)2d277f8
#25 #36 #35 Fix 'no shebang' case by always providing$basedir
in shell script (@igorklopov)adaf20b
#26 Fix$*
causing an error when arguments contain parentheses (@satazor)49f0c13
#30 Fix paths for MSYS/MINGW bash (@dscho)51a8af3
#34 Add proper support for PowerShell (@ExE-Boss)4c37e04
#10 Work around quoted batch file names (@isaacs)a4e279544
npm-lifecycle@3.1.3
(@isaacs):uid-number
raises an error7086a1809
libcipm@4.0.3
(@isaacs)8845141f9
read-package-json@2.1.0
(@isaacs)51c028215
bin-links@1.1.3
(@isaacs)534a5548c
read-cmd-shim@1.0.3
(@isaacs)3038f2fd5
gentle-fs@2.2.1
(@isaacs)a609a1648
graceful-fs@4.2.2
(@isaacs)f0346f754
cacache@12.0.3
(@isaacs)ca9c615c8
npm-pick-manifest@3.0.0
(@isaacs)b417affbf
pacote@9.5.8
(@isaacs)TESTS
b6df0913c
#228 Proper handing of /usr/bin/node lifecycle-path test (@olivr70)aaf98e88c
npm-registry-mock@1.3.0
(@isaacs)v6.10.3 (2019-08-06):
BUGFIXES
27cccfbda
#223 vulns → vulnerabilities in npm audit output (@sapegin)d5e865eb7
#222 #226 install, doctor: don't crash if registry unset (@dmitrydvorkin, @isaacs)5b3890226
#227 npm.community#9167 Handle unhandledRejections, tell user what to do when encountering anEACCES
error in the cache. (@isaacs)DEPENDENCIES
77516df6e
licensee@7.0.3
(@isaacs)ceb993590
query-string@6.8.2
(@isaacs)4050b9189
hosted-git-info@2.8.2
3b1d629
#48 fix http protocol using sshurl by default (@fengmk2)5d4a8d7
ignore noCommittish on tarball url generation (@isaacs)1692435
use gist tarball url that works for anonymous gists (@isaacs)d5cf830
Do not allow invalid gist urls (@isaacs)e518222
Use LRU cache to prevent unbounded memory consumption (@iarna)v6.10.2 (2019-07-23):
tl;dr - Fixes several issues with the cache when npm is run as
sudo
on Unix systems.TESTING
2a78b96f8
check test cache for root-owned files (@isaacs)108646ebc
run sudo tests on Travis-CI (@isaacs)cf984e946
set --no-esm tap flag (@isaacs)8e0a3100d
add script to run tests and leave fixtures for inspection and debugging (@isaacs)BUGFIXES
25f4f73f6
add a util for writing arbitrary files to cache This prevents metrics timing and debug logs from becoming root-owned. (@isaacs)2c61ce65d
infer cache owner from parent dir incorrect-mkdir
util (@isaacs)235e5d6df
ensure correct owner on cached all-packages metadata (@isaacs)e2d377bb6
npm.community#8540 audit: report server error on failure (@isaacs)52576a39e
#216 npm.community#5385 npm.community#6076 Fixnpm ci
withfile:
dependencies. Partially reverts #40/#86, recording dependencies of linked deps in order fornpm ci
to work. (@jfirebaugh)DEPENDENCIES
0fefdee13
cacache@12.0.2
(@isaacs)e1d87a392
pacote@9.5.4
(@isaacs)3f035bf09
infer-owner@1.0.4
(@isaacs)ba3283112
npm-registry-fetch@4.0.0
(@isaacs)ee90c334d
libnpm@3.0.1
(@isaacs)1e480c384
libnpmaccess@3.0.2
(@isaacs)7662ee850
libnpmhook@5.0.3
(@isaacs)1357fadc6
libnpmorg@1.0.1
(@isaacs)a621b5cb6
libnpmsearch@2.0.2
(@isaacs)560cd31dd
libnpmteam@1.0.2
(@isaacs)de7ae0867
npm-profile@4.0.2
(@isaacs)e95da463c
libnpm@3.0.1
(@isaacs)554b641d4
npm-registry-fetch@4.0.0
(@isaacs)06772f34a
node-gyp@5.0.3
(@isaacs)85358db80
npm-lifecycle@3.1.2
(@isaacs)051cf20
#26 fix switches for alternative shells on Windows (@gucong3000)3aaf954
#25 set only one PATH env variable for child process on Windows (@zkochan)ea18ed2
#36 #11 #18 remove procInterrupt listener on SIGINT in procError (@mattshin)5523951
#29 #30 Use platform specific path casing if present (@mattezell)6.10.2-next.3
v6.10.2-next.2
6.10.2-next.1
v6.10.2-next.0
BUGFIXES
3cbd57712
fix(git): strip GIT environs when running git (@isaacs)a81a8c4c4
#206 improve isOnly(Dev,Optional) (@larsgw)172f9aca6
#179 fix-xmas-underline (@raywu0123)f52673fc7
#212 build: use/usr/bin/env
to load bash (@rsmarples)DEPENDENCIES
ef4445ad3
#208node-gyp@5.0.2
(@irega)c0d611356
npm-lifecycle@3.0.0
(@isaacs)7716ba972
libcipm@4.0.0
(@isaacs)42d22e837
libnpm@3.0.0
(@isaacs)a2ea7f9ff
semver@5.7.0
(@isaacs)429226a5e
lru-cache@5.1.1
(@isaacs)175670ea6
npm-registry-fetch@3.9.1
: (@isaacs)0d0517f7f
call-limit@1.1.1
(@isaacs)741400429
glob@7.1.4
(@isaacs)bddd60e30
inherits@2.0.4
(@isaacs)4acf03fd1
libnpmsearch@2.0.1
(@isaacs)c2bd17291
marked@0.6.3
(@isaacs)7f0221bb1
marked-man@0.6.0
(@isaacs)f458fe7dd
npm-lifecycle@2.1.1
(@isaacs)009752978
node-gyp@4.0.0
(@isaacs)0fa2bb438
query-string@6.8.1
(@isaacs)b86450929
tar-stream@2.1.0
(@isaacs)25db00fe9
worker-farm@1.7.0
(@isaacs)8dfbe8610
readable-stream@3.4.0
(@isaacs)f6164d5dd
isaacs/chownr#21 isaacs/chownr#20 npm.community#7901 npm.community#8203chownr@1.1.2
This fixes an EISDIR error from cacache on Darwin in Node versions prior to 10.6. (@isaacs)6.10.1-next.2
from
npm
GitHub Release Notes🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs