[Snyk] Fix for 1 vulnerabilities

[terrorizer1980]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @npmcli/arborist

The new version differs by 250 commits.

• d0e7491 chore: release 10.0.0
• b8a5764 chore: fix flaky log file tests
• 7f81e96 chore: use maxSockets:1 for some flaky arborist reify tests
• fb31c7e feat: trigger release process
• 48a7b07 feat: remove prerelease flags
• 52cb638 chore: release 10.0.0-pre.1
• 9e444ca chore: fix bundle version in libnpmpublish tests (doc: make the documentation print-friendly nodejs/node#6748)
• 171b8a0 chore: remove extra git dirty check from ci
• 323cc4f chore: drop node14 support in private mock-globals workspace
• 5ab3f7e deps: @ npmcli/git@5.0.3
• eb41977 deps: @ npmcli/run-script@7.0.1
• f30c9e3 deps: @ npmcli/git@5.0.2
• f334466 deps: pacote@17.0.4
• bb63bf9 deps: @ npmcli/run-script@7.0.0
• 75642c6 deps: @ npmcli/promise-spawn@7.0.0
• dbb18f4 deps: @ npmcli/agent@2.1.0
• 812aa6d deps: sigstore@2.1.0
• 7fab9d3 deps: @ sigstore/tuf@2.1.0
• 12337cc deps: which@4.0.0
• b1ad3ad deps: npm-packlist@8.0.0
• 43831d0 deps: pacote@17.0.3
• 44e8fec deps: pacote@17.0.2
• 0d2e2c9 deps: bump sigstore from 1.7.0 to 2.0.0
• ec7a430 chore: audit fix for semver in nested dev deps

See the full diff

Package name: @npmcli/run-script

The new version differs by 113 commits.

• fcebe38 chore: release 7.0.2
• 30623cf deps: bump node-gyp from 9.4.1 to 10.0.0
• 54e5bd0 chore: postinstall for dependabot template-oss PR
• 7d95e9f chore: bump @ npmcli/template-oss from 4.18.1 to 4.19.0
• 90bcf54 chore: postinstall for dependabot template-oss PR
• ba0ab48 chore: bump @ npmcli/template-oss from 4.18.0 to 4.18.1
• 43ccfc7 chore: release 7.0.1
• f61fd84 deps: bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
• 87b740b chore: release 7.0.0
• e1b1a3c fix: drop node14 support
• a8045a9 deps: bump which from 3.0.1 to 4.0.0
• c4f4fb4 chore: postinstall for dependabot template-oss PR
• dacd67e chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 9d2d807 chore: postinstall for dependabot template-oss PR
• 8b21725 chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0
• d9a0cc0 chore: release 6.0.2
• 545f3be fix: handle signals more correctly (docs: Supplement docs for Writable and Transform streams nodejs/node#142)
• 1cbd286 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (Clarify that “io.js” is the only correct name nodejs/node#151)
• 581be58 docs: fix syntax in example (domain: add soft deprecation notice nodejs/node#141)
• 24f12b2 chore: release 6.0.1
• 728b270 chore: enable auto-publish (build: fix dtrace-enabled build on os x nodejs/node#150)
• 6c1cb21 chore: bump @ npmcli/template-oss from 4.12.1 to 4.14.1 (doc: added node-forward TC meeting 2014-10-15 nodejs/node#148)
• 3a8f085 fix: remove unused dependency on minipass (Support io.js Dockerfile or Docker Repo nodejs/node#147)
• 72c3e2f chore: bump @ npmcli/template-oss from 4.12.0 to 4.12.1 (doc: added TC meeting minutes for 2014-12-10 nodejs/node#144)

See the full diff

Package name: glob

The new version differs by 114 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d minimatch@7.3.0
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd minimatch@7.2.0
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: init-package-json

The new version differs by 37 commits.

• 6b7dbaf chore: release 4.0.0 (buffer: add indexOf method nodejs/node#160)
• ea53243 chore: bump @ npmcli/config from 4.2.2 to 6.0.0 (Graceful FS by default nodejs/node#167)
• 99e3307 chore: bump @ npmcli/eslint-config from 3.1.0 to 4.0.0 (buffer: added Buffer methods to r/w 24 bits integers. nodejs/node#169)
• b869b31 deps: bump read-package-json from 5.0.2 to 6.0.0 (Get all headers 3992 nodejs/node#170)
• d342821 deps: bump validate-npm-package-name from 4.0.0 to 5.0.0 (Release Cycle Proposal nodejs/node#168)
• a9b2e54 chore: postinstall for dependabot template-oss PR
• 9eacc7e chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• ada46c8 chore: postinstall for dependabot template-oss PR
• bb17043 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• e8ea83a feat!: postinstall for dependabot template-oss PR
• 2eeb977 chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• 18e3c78 chore: postinstall for dependabot template-oss PR
• 197e9c3 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• 8abb642 chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (Inbound data lost when TLS connection resets. nodejs/node#149)
• 64ad963 chore: postinstall for dependabot template-oss PR
• 6f0fbd3 chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2
• 9023742 chore: bump @ npmcli/template-oss from 3.2.1 to 3.4.1 (Support io.js Dockerfile or Docker Repo nodejs/node#147)
• e063094 chore(main): release 3.0.2 (docs: Supplement docs for Writable and Transform streams nodejs/node#142)
• e4ba49a chore: bump @ npmcli/template-oss from 3.2.0 to 3.2.1 (doc: cherry-pick tc-minutes from master nodejs/node#143)
• fa7574a deps: bump validate-npm-package-name from 3.0.0 to 4.0.0 (doc: added TC meeting minutes for 2014-12-10 nodejs/node#144)
• b1ec548 deps: update npm-package-arg requirement from ^9.0.0 to ^9.0.1 (Introduce the Nil Object nodejs/node#136)
• 3b443aa chore: bump tap from 15.2.3 to 16.0.1 (domain: add soft deprecation notice nodejs/node#141)
• d8bdf52 chore: bump @ npmcli/template-oss from 2.9.2 to 3.2.0 (install,windows: symlink iojs -> node? nodejs/node#140)
• a1348c6 chore: release 3.0.1 (io.js (IO.js? iojs?) and node.js documentation fragmentation nodejs/node#135)

See the full diff

Package name: libnpmexec

The new version differs by 250 commits.

• d0e7491 chore: release 10.0.0
• b8a5764 chore: fix flaky log file tests
• 7f81e96 chore: use maxSockets:1 for some flaky arborist reify tests
• fb31c7e feat: trigger release process
• 48a7b07 feat: remove prerelease flags
• 52cb638 chore: release 10.0.0-pre.1
• 9e444ca chore: fix bundle version in libnpmpublish tests (doc: make the documentation print-friendly nodejs/node#6748)
• 171b8a0 chore: remove extra git dirty check from ci
• 323cc4f chore: drop node14 support in private mock-globals workspace
• 5ab3f7e deps: @ npmcli/git@5.0.3
• eb41977 deps: @ npmcli/run-script@7.0.1
• f30c9e3 deps: @ npmcli/git@5.0.2
• f334466 deps: pacote@17.0.4
• bb63bf9 deps: @ npmcli/run-script@7.0.0
• 75642c6 deps: @ npmcli/promise-spawn@7.0.0
• dbb18f4 deps: @ npmcli/agent@2.1.0
• 812aa6d deps: sigstore@2.1.0
• 7fab9d3 deps: @ sigstore/tuf@2.1.0
• 12337cc deps: which@4.0.0
• b1ad3ad deps: npm-packlist@8.0.0
• 43831d0 deps: pacote@17.0.3
• 44e8fec deps: pacote@17.0.2
• 0d2e2c9 deps: bump sigstore from 1.7.0 to 2.0.0
• ec7a430 chore: audit fix for semver in nested dev deps

See the full diff

Package name: libnpmfund

The new version differs by 250 commits.

• 4f18871 chore: release 10.0.0-pre.1
• 9e444ca chore: fix bundle version in libnpmpublish tests (doc: make the documentation print-friendly nodejs/node#6748)
• 171b8a0 chore: remove extra git dirty check from ci
• 323cc4f chore: drop node14 support in private mock-globals workspace
• 5ab3f7e deps: @ npmcli/git@5.0.3
• eb41977 deps: @ npmcli/run-script@7.0.1
• f30c9e3 deps: @ npmcli/git@5.0.2
• f334466 deps: pacote@17.0.4
• bb63bf9 deps: @ npmcli/run-script@7.0.0
• 75642c6 deps: @ npmcli/promise-spawn@7.0.0
• dbb18f4 deps: @ npmcli/agent@2.1.0
• 812aa6d deps: sigstore@2.1.0
• 7fab9d3 deps: @ sigstore/tuf@2.1.0
• 12337cc deps: which@4.0.0
• b1ad3ad deps: npm-packlist@8.0.0
• 43831d0 deps: pacote@17.0.3
• 44e8fec deps: pacote@17.0.2
• 0d2e2c9 deps: bump sigstore from 1.7.0 to 2.0.0
• ec7a430 chore: audit fix for semver in nested dev deps
• 425c6dd chore: nock@13.3.0
• 694e4cb chore: tap@16.3.8
• ff045cc chore: check git status after deps
• 9b54ace chore: update doctor snapshots for new proxy messages
• b34ee65 fix: set objectMode for search filter stream

See the full diff

Package name: libnpmpack

The new version differs by 250 commits.

• d0e7491 chore: release 10.0.0
• b8a5764 chore: fix flaky log file tests
• 7f81e96 chore: use maxSockets:1 for some flaky arborist reify tests
• fb31c7e feat: trigger release process
• 48a7b07 feat: remove prerelease flags
• 52cb638 chore: release 10.0.0-pre.1
• 9e444ca chore: fix bundle version in libnpmpublish tests (doc: make the documentation print-friendly nodejs/node#6748)
• 171b8a0 chore: remove extra git dirty check from ci
• 323cc4f chore: drop node14 support in private mock-globals workspace
• 5ab3f7e deps: @ npmcli/git@5.0.3
• eb41977 deps: @ npmcli/run-script@7.0.1
• f30c9e3 deps: @ npmcli/git@5.0.2
• f334466 deps: pacote@17.0.4
• bb63bf9 deps: @ npmcli/run-script@7.0.0
• 75642c6 deps: @ npmcli/promise-spawn@7.0.0
• dbb18f4 deps: @ npmcli/agent@2.1.0
• 812aa6d deps: sigstore@2.1.0
• 7fab9d3 deps: @ sigstore/tuf@2.1.0
• 12337cc deps: which@4.0.0
• b1ad3ad deps: npm-packlist@8.0.0
• 43831d0 deps: pacote@17.0.3
• 44e8fec deps: pacote@17.0.2
• 0d2e2c9 deps: bump sigstore from 1.7.0 to 2.0.0
• ec7a430 chore: audit fix for semver in nested dev deps

See the full diff

Package name: libnpmversion

The new version differs by 250 commits.

• d0e7491 chore: release 10.0.0
• b8a5764 chore: fix flaky log file tests
• 7f81e96 chore: use maxSockets:1 for some flaky arborist reify tests
• fb31c7e feat: trigger release process
• 48a7b07 feat: remove prerelease flags
• 52cb638 chore: release 10.0.0-pre.1
• 9e444ca chore: fix bundle version in libnpmpublish tests (doc: make the documentation print-friendly nodejs/node#6748)
• 171b8a0 chore: remove extra git dirty check from ci
• 323cc4f chore: drop node14 support in private mock-globals workspace
• 5ab3f7e deps: @ npmcli/git@5.0.3
• eb41977 deps: @ npmcli/run-script@7.0.1
• f30c9e3 deps: @ npmcli/git@5.0.2
• f334466 deps: pacote@17.0.4
• bb63bf9 deps: @ npmcli/run-script@7.0.0
• 75642c6 deps: @ npmcli/promise-spawn@7.0.0
• dbb18f4 deps: @ npmcli/agent@2.1.0
• 812aa6d deps: sigstore@2.1.0
• 7fab9d3 deps: @ sigstore/tuf@2.1.0
• 12337cc deps: which@4.0.0
• b1ad3ad deps: npm-packlist@8.0.0
• 43831d0 deps: pacote@17.0.3
• 44e8fec deps: pacote@17.0.2
• 0d2e2c9 deps: bump sigstore from 1.7.0 to 2.0.0
• ec7a430 chore: audit fix for semver in nested dev deps

See the full diff

Package name: make-fetch-happen

The new version differs by 108 commits.

• db8f03c chore: release 11.0.0 (doc: added TC meeting minutes 2014-12-17 nodejs/node#178)
• 727d805 chore: fix flaky test (lib: micro-optimize EventEmitter#removeListener() nodejs/node#185)
• 33d972a deps: bump cacache from 16.1.3 to 17.0.0 (lib: micro-optimize url.resolve() nodejs/node#184)
• 672caac chore: postinstall for dependabot template-oss PR
• 654f976 chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• d63de44 docs: document cause argument to onRetry (Support promises in the fs module nodejs/node#173)
• 2aeaae5 chore: postinstall for dependabot template-oss PR
• 6e5077d chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• c293053 feat!: postinstall for dependabot template-oss PR
• 729bc74 chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• 2631db8 chore: postinstall for dependabot template-oss PR
• 2296d79 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• ea71110 chore(main): release 10.2.1 (Graceful FS by default nodejs/node#167)
• e9a2a51 fix: linting (fs: deprecate exists() and existsSync() nodejs/node#166)
• ee20fc2 chore(main): release 10.2.0 (lib: fix guard expression in timer.unref() nodejs/node#165)
• dae6384 feat: store link header (Implement Blob and FileReader nodejs/node#164)
• 27f3e2a chore(main): release 10.1.8 (Added WebStorm setting file to gitignore nodejs/node#162)
• 4ae4864 fix: TypeError: SocksProxyAgent is not a constructor (buffer: add indexOf/lastIndexOf method nodejs/node#161)
• e42eb5d chore(main): release 10.1.7 (buffer: add indexOf method nodejs/node#160)
• 63ed403 deps: bump socks-proxy-agent from 6.2.1 to 7.0.0 (RFC: bundle tick processor with iojs nodejs/node#158)
• 331f9cb fix: use hostname for socks agent (Added DS_Store to gitignore nodejs/node#159)
• 99f44e0 chore(main): release 10.1.6 (Make process requireable nodejs/node#157)
• 9baa806 fix: respect given algorithms instead of always using sha512 (build: remove support for VS 2010 and 2012 nodejs/node#156)
• c5251f3 chore(main): release 10.1.5 (docs: changed example in streams for write() after end() nodejs/node#155)

See the full diff

Package name: node-gyp

The new version differs by 82 commits.

• 9acb4c7 chore: release 10.0.0
• 3032e10 chore: run tests after release please PR
• 864a979 feat!: use .npmignore file to limit which files are published (lib,src,doc: remove usage of events.EventEmitter nodejs/node#2921)
• 4e493d4 chore: misc testing fixes (New Uint8Arrays are sometimes filled with garbage nodejs/node#2930)
• d52997e feat: convert internal classes from util.inherits to classes
• 355622f feat: convert all internal functions to async/await
• 1b3bd34 feat!: drop node 14 support (url.parse("http://:::1") is parsed as "http://:1/::" nodejs/node#2929)
• e388255 deps: which@4.0.0 (Segfault in node::Environment::KickNextTick nodejs/node#2928)
• 059bb6f deps: make-fetch-happen@13.0.0 (Socket connects and gets data from non-existing service nodejs/node#2927)
• 4bef1ec deps: glob@10.3.10 (No event on child-process stdout nodejs/node#2926)
• 21a7249 chore: add check engines script to CI (module: remove unnecessary property and method nodejs/node#2922)
• 707927c feat(gyp): update gyp to v0.16.1 (calling function in each other module is not working nodejs/node#2923)
• d644ce4 docs: update applicable GitHub links from master to main (win,v8: Support for MSVS 2015 in v0.12 nodejs/node#2843)
• 4a50fe3 chore: empty commit to add changelog entries from test: add test-spawn-cmd-named-pipe nodejs/node#2770
• 26683e9 chore: GitHub Workflows security hardening (Stream Transform with Arrow Functions nodejs/node#2740)
• 91fd8ff Python lint: ruff --format is now --output-format
• b3d41ae doc: Add note about Python symlinks (PR 2362) to CHANGELOG.md for 9.1.0 (Compiling node v4.0.0 with OpenSSL 1.0.1 fails nodejs/node#2783)
• 5746691 test: update expired certs (Spawn detached window hide option nodejs/node#2908)
• d3615c6 Fix incorrect Xcode casing in README (Fix code example in events API docs nodejs/node#2896)
• bb93b94 docs: README.md Do not hardcode the supported versions of Python (Small documentation markup error nodejs/node#2880)
• 0f1f667 fix: create Python symlink only during builds, and clean it up after (Yet another segmentation fault in node-v4.0.0-rc.1 nodejs/node#2721)
• 445c28f test: increase mocha timeout (Ctrl+C exits debugger from repl v4.0.0 nodejs/node#2887)
• 1bfb083 Fix Python lint error by using an f-string (doc: jenkins-iojs.nodesource.com -> ci.nodejs.org, iojs.org/download -> nodejs.org/download nodejs/node#2886)
• c9caa2e docs: Update windows installation instructions in README.md (How to inherit from new Buffer implementation nodejs/node#2882)

See the full diff

Package name: npm-profile

The new version differs by 55 commits.

• dd687ac chore: release 7.0.1 (Mani nodejs/node#78)
• 36fa4b1 deps: bump npm-registry-fetch from 13.3.1 to 14.0.0
• 29616ad deps: bump proc-log from 2.0.1 to 3.0.0
• 6629dbe chore: bump @ npmcli/eslint-config from 3.1.0 to 4.0.0
• 769e3d1 chore: postinstall for dependabot template-oss PR
• 8287802 chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• 6fad3d5 chore: release 7.0.0 (Add major, minor, and patch labels to PRs, Issues nodejs/node#69)
• bac7ff1 chore: postinstall for dependabot template-oss PR
• 7295252 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• e16befb feat!: postinstall for dependabot template-oss PR
• 98f044c chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• 7ce8a74 chore: postinstall for dependabot template-oss PR
• 86fb069 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• 4cad0f7 chore(main): release 6.2.1 (module: test for directories, fixes require with .. nodejs/node#58)
• b701df2 fix: remove `npm-use-webauthn` header ([streams] _flush not being called nodejs/node#53)
• cdc4acb fix: cancel opener promise if web login fails (Fix for path.resolve containing relative path to another drive in windows nodejs/node#57)
• d2076fb chore(main): release 6.2.0 (Proposal: Move isaacs/readable-stream to iojs and make it the authoratative source nodejs/node#55)
• 05a7811 feat: Add export for `webauthCheckLogin` (npm install is unbelievably slow, fails in certain environments nodejs/node#54)
• db12188 chore: bump @ npmcli/template-oss from 3.4.3 to 3.5.0 (io.js on The Changelog! nodejs/node#52)
• 465e683 chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (V8 upgrades and what they mean for versioning nodejs/node#47)
• 5aff31f chore(main): release 6.1.0 (debugger: use requireRepl() to load debugger repl nodejs/node#49)
• aa82de0 feat: Allow web-login donecheck to cancel opener promise (path.resolve across drives in Windows nodejs/node#50)
• 6bdd233 feat: set 'npm-use-webauthn' header depending on option (Improve repo description nodejs/node#48)
• d0c2dec chore: postinstall for dependabot template-oss PR

See the full diff

Package name: npm-registry-fetch

The new version differs by 76 commits.

• 8f61d95 chore: release 14.0.0 (Parallel non-io tests nodejs/node#139)
• c1a2c5a chore: bump cacache from 16.1.3 to 17.0.0 (Support io.js Dockerfile or Docker Repo nodejs/node#147)
• b5aeed0 deps: bump make-fetch-happen from 10.2.1 to 11.0.0 (feature: Local Modules nodejs/node#146)
• c1c203e chore: postinstall for dependabot template-oss PR
• dcff56f chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• 8762c37 chore: postinstall for dependabot template-oss PR
• 428d241 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• 104a51f feat!: postinstall for dependabot template-oss PR
• 36f576a chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• ed6304c chore: postinstall for dependabot template-oss PR
• 4a08dd4 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• de64201 chore(main): release 13.3.1 (unable to deal with file names that have invalid encoding nodejs/node#128)
• c9a8727 fix: linting
• a72fb7c chore: rimraf@3.0.2
• 79bddb9 chore: mkdirp@1.0.4
• 8d40cbb chore(main): release 13.3.0 (test: simple/test-fs-symlink-dir-junction-relative broken on linux nodejs/node#126)
• 42d605c feat: respect registry-scoped certfile and keyfile options (Revert "openssl: don't define SIXTY_FOUR_BIT_LONG on Windows" nodejs/node#125)
• 43c91f5 chore(main): release 13.2.0 (Port patches and fixes over from node nodejs/node#124)
• 893ea1c chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (ability to serve both HTTP and HTTPS on the same port nodejs/node#121)
• ff4ed65 feat: set 'npm-auth-type' header depending on config option (Async listener removal also drops tracing nodejs/node#123)
• 0db6cf8 chore: postinstall for dependabot template-oss PR
• 0c1795e chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2
• 5f9f823 chore: bump @ npmcli/template-oss from 3.3.2 to 3.4.1 (Is there mentoring for ios.js like in node-forward? nodejs/node#119)
• b9848ba chore(main): release 13.1.1 (Update binnary alternatives nodejs/node#110)

See the full diff

Package name: pacote

The new version differs by 182 commits.

• 18e760f chore: release 17.0.4
• ba8f790 deps: bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
• 2c0d3ae deps: bump @ npmcli/run-script from 6.0.2 to 7.0.0
• 7aa2062 chore: release 17.0.3
• ace7c28 deps: bump npm-packlist from 7.0.4 to 8.0.0
• f1efd0c chore: release 17.0.2
• c3b892d deps: bump sigstore from 1.3.0 to 2.0.0
• c75d7d5 chore: release 17.0.1
• 6ddae13 deps: bump npm-registry-fetch from 15.0.0 to 16.0.0
• 42bf787 deps: bump npm-pick-manifest from 8.0.2 to 9.0.0
• 9fa2de9 chore: release 17.0.0
• e9e964b deps: bump read-package-json from 6.0.4 to 7.0.0
• f69d844 chore: hosted-git-info@7.0.0
• 5d26500 deps: bump npm-package-arg from 10.1.0 to 11.0.0
• d13bb9c deps: bump @ npmcli/git from 4.1.0 to 5.0.0
• 7a25e39 deps: bump cacache from 17.1.4 to 18.0.0
• 2db2fb5 fix: drop node 16.13.x support
• 5cdbfd1 chore: release 16.0.0
• 8dc6a32 deps: bump minipass from 5.0.0 to 7.0.2
• 7cebf19 deps: bump npm-registry-fetch from 14.0.5 to 15.0.0
• 73b6297 fix: drop node14 support (build,src: remove sslv2 support nodejs/node#290)
• 53cf17e chore: postinstall for dependabot template-oss PR
• 865d5c7 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 040add9 chore: postinstall for dependabot template-oss PR

See the full diff

Package name: rimraf

The new version differs by 40 commits.

• 3b6b098 4.0.0
• e0cffea ci: reduce workload even more
• 0e6646d ci: remove unnecessary lint filter
• 546e017 update action versions
• 6d88a65 tone down benchmark intensity
• 842a8d2 fix benchmark workflow yaml
• 1b91697 chore: add copyright year to license
• 08bbb06 rewrite in TS, export hybrid, update changelog, docs
• 1b3f46e drop support for node versions below 14
• 2e1f003 gh actions workflow for benchmarks
• 52f9370 tests for retry-busy behavior
• 188e3ed don't test on very old node versions
• d1d5495 test for fix-eperm
• e7501cd prettier formatting
• 40f64ec windows: only fall back to move-remove when absolutely necessary
• b6f7819 update tap
• 99496cd test: run posix test on windows, why not?
• 51d43c1 benchmarks
• 6b8aa29 doc: correct os.tmp default
• 4b228c9 do not ever actually try to rmdir /
• 2442655 consolidate all the spellings of 'opt' into one
• d4eec2e add cli script
• 0c82d74 accept strings, arrays of strings, and no other types
• ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"65b50d7d-31a2-4e01-8850-443da067492d","prPublicId":"65b50d7d-31a2-4e01-8850-443da067492d","dependencies":[{"name":"@npmcli/arborist","from":"4.3.1","to":"7.0.0"},{"name":"@npmcli/map-workspaces","from":"2.0.4","to":"3.0.3"},{"name":"@npmcli/run-script","from":"2.0.0","to":"7.0.2"},{"name":"cacache","from":"15.3.0","to":"17.0.5"},{"name":"glob","from":"7.2.3","to":"9.0.0"},{"name":"init-package-json","from":"2.0.5","to":"4.0.0"},{"name":"libnpmaccess","from":"4.0.3","to":"7.0.0"},{"name":"libnpmdiff","from":"2.0.4","to":"6.0.0"},{"name":"libnpmexec","from":"3.0.3","to":"7.0.0"},{"name":"libnpmfund","from":"2.0.2","to":"4.0.20"},{"name":"libnpmhook","from":"6.0.3","to":"9.0.0"},{"name":"libnpmorg","from":"2.0.3","to":"5.0.0"},{"name":"libnpmpack","from":"3.1.0","to":"6.0.0"},{"name":"libnpmpublish","from":"4.0.2","to":"7.0.0"},{"name":"libnpmsearch","from":"3.1.2","to":"6.0.0"},{"name":"libnpmteam","from":"2.0.4","to":"5.0.0"},{"name":"libnpmversion","from":"2.0.2","to":"5.0.0"},{"name":"make-fetch-happen","from":"9.1.0","to":"11.0.0"},{"name":"node-gyp","from":"8.4.1","to":"10.0.0"},{"name":"npm-profile","from":"5.0.4","to":"7.0.1"},{"name":"npm-registry-fetch","from":"11.0.0","to":"14.0.0"},{"name":"pacote","from":"12.0.3","to":"17.0.4"},{"name":"read-package-json","from":"4.1.2","to":"6.0.1"},{"name":"rimraf","from":"3.0.2","to":"4.0.0"}],"packageManager":"npm","projectPublicId":"d0be481d-e114-4328-906d-4c370c487ea5","projectUrl":"https://app.sn...