[Snyk] Upgrade @npmcli/arborist from 5.6.3 to 7.5.2

[OKEAMAH]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @npmcli/arborist from 5.6.3 to 7.5.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 43 versions ahead of your current version.

• The recommended version was released on 21 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	141	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	141	Proof of Concept

Release notes

Package name: @npmcli/arborist

• 7.5.2 - 2024-05-15
  

  v7.5.2 (2021-02-02)

  BUG FIXES

  • 37613e4e6 #2395 #2329 fix(exec): use latest version when possible (@ wraithgar)
  • 567c9bd03 fix(lib/npm): do not clobber config.execPath (@ wraithgar)

  DEPENDENCIES

  • 643709706 @ npmcli/config@1.2.9 (@ isaacs)
    • 4c6be4a Restore npm v6 behavior with INIT_CWD
    • bbebc66 Do not set the PREFIX environment variable
• 7.5.1 - 2024-04-30
  

  v7.5.1 (2021-02-01)

  BUG FIXES

  • 0ea134e41 #2587 pass all settings through to pacote.packument, fixes #2060 (@ nlf)
  • 894fa0ac2 Add test for npm-usage.js, and fix 'npm --long' output (@ isaacs)

  DEPENDENCIES

  • 7e4e88e93 @ npmcli/arborist@2.1.1:, pacote@11.2.4
    • Properly raise ERESOLVE errors on root dev dependencies
    • Ignore ERESOLVE errors when performing git dep 'prepare' scripts
    • Always reinstall packages that are explicitly requested
    • fix global update all so it actually updates things
    • Install bins properly when global root is a link (@ isaacs)

  DOCUMENTATION

  • 23dac2fef #2557 npm team revamp (@ ruyadorno)
  • dd05ba0c0 #2572 add note about --force overriding peer dependencies (@ isaacs)
  • e27639780 #2584 Fixed the spelling of contributor as it was written as conributor (@ pavanbellamkonda)
  • 13a5e3178 #2502 elaborate that npm help uses browser (@ ariccio)
• 7.5.0 - 2024-04-25
  

  v7.5.0 (2021-01-28)

  FEATURES

  • d011266b7 #1319 add npm diff command (@ ruyadorno)

  BUG FIXES

  • d2f8af2da #2445 publish: don't complain about missing auth until after registry is chosen (@ dr-js)

  DOCUMENTATION

  • 8d3fd63aa #2559 updates to readme, removal, contributing and several other docs (@ darcyclarke)
  • 7772d9f9f #2542 fix grammar on caching docs for search, exec and init (@ wraithgar)
  • 52e8a1aef #2558 refreshed npm updated docs (@ ruyadorno)
  • abae00ca0 #2565 update npm command docs (@ wraithgar)
  • 9351cbf9a #2566 refresh npm run-script docs (@ ruyadorno)

  DEPENDENCIES

  • 56c08863e hosted-git-info@3.0.8
  • 18a93f06b ssri@8.0.1
  • cb768f671 @ npmcli/move-file@1.1.1
  • 32cc0a4be minipass-fetch@1.3.3
    • fixes ssl settings passthrough
  • 530997968 @ npmcli/arborist@2.1.0
    • added signal handler to rollback when possible
    • prevent ERESOLVEs caused by loose root dep specs
    • detect conflicts among nested peerOptional deps
    • properly buildIdealTree when root is a symlink
• 7.4.2 - 2024-04-10
  

  v7.4.2 (2021-01-15)

  DEPENDENCIES

  • e5ce6bbba@ npmcli/arborist@2.0.5
    • fix creating missing dirs when using --prefix and --global
    • fix omit types of deps in global installs
    • fix prioritizing npm-shrinkwrap.json over package-lock.json
    • better cache system for packuments
    • improves audit performance
• 7.4.1 - 2024-04-03
  

  v7.4.1 (2021-01-14)

  BUG FIXES

  • 23df96d33 #2486 npm link no longer deletes entire project when global prefix is a symlink (@ nlf)

  DOCUMENTATION

  • 7dd0dfc59 #2459 fix(docs): clean up npm start docs (@ wraithgar)
  • 307b3bd9f #2460 fix(docs): clean up npm stop docs (@ wraithgar)
  • 23f01b739 #2462 fix(docs): clean up npm test docs (@ wraithgar)
  • 4b43656fc #2463 fix(docs): clean up npm prefix docs (@ wraithgar)
  • 1135539ba a07bb8e69 9b55b798e cd5eeaaa0 6df69ce10 dc6b2a8b0 a3c127446 #2464 fix(docs): clean up npm uninstall docs (@ wraithgar)
  • cfdcf32fd #2474 fix(docs): clean up npm unpublish docs (@ wraithgar)
  • acd5b062a #2475 fix(docs): update package-lock.json docs (@ isaacs)
  • b0b0edf6d #2482 fix(docs): clean up npm token docs (@ wraithgar)
  • 35559201a #2487 fix(docs): clean up npm search docs (@ wraithgar)

  DEPENDENCIES

  • ea8c02169 @ npmcli/arborist@2.0.5
  • fb6f2c313 pacote@11.2.1
  • c549b7657 make-fetch-happen@8.0.13
• 7.4.0 - 2024-02-28
  

  v7.4.0 (2021-01-07)

  FEATURES

  • 47ed2dfd8 #2456 add --foreground-scripts option (@ isaacs)

  BUG FIXES

  • d01746a5a #2444 #1103 Remove deprecated process.umask() (@ isaacs)
  • b2e2edf8a #2422 npm publish --dry-run should not check login status (@ buyan302)
  • 99156df80 #2448 #2425 pass extra arguments directly to run-script as an array (@ nlf)
  • 907b34b2e #2455 fix(ci): pay attention to --ignore-scripts (@ wraithgar)

  DEPENDENCIES

  • 7a49fd4af tar@6.1.0, pacote@11.1.14
  • 54a7bd16c @ npmcli/arborist@2.0.3

  DOCUMENTATION

  • a390d7456 #2440 Updated the url for RFC 19 so that it isn't a 404. (@ therealjeffg)
  • e02b46ad7 #2436 Grammatical Fix in npm-ls Documentation 'Therefore' is spelled 'Therefor' (@ marsonya)
  • 0fed44dea #2417 Fix npm bug reporting url (@ AkiaCode)
• 7.3.1 - 2024-01-24
• 7.3.0 - 2024-01-10
  

  7.3.0 (2020-12-18)

  FEATURES

  • a9b8bf263 #2362 Support multiple set/get/deletes in npm config (@ isaacs)

  BUG FIXES

  • 9eef63849 Pass full set of options to login helper functions. This fixes npm login --no-strict-ssl, as well as a host of other options that one might want to set while logging in. Reported by: @ toddself (@ isaacs)
  • 628a554bc #2358 fix doctor test to work correctly for node pre-release versions (@ nlf)
  • be4a0900b #2360 raise an error early if publishing without login, registry (@ isaacs)
  • 44d433105 #2366 Include prerelease versions when deprecating (@ tiegz)
  • cba3341da #2373 npm profile refactor (@ ruyadorno)
  • 7539504e3 #2382 remove the metrics sender (@ nlf)

  DOCS

  • b98569a8c add note about INIT_CWD to run-script doc
  • 292929279 #2368 Revert bug-reporting links to GH. Re: https://blog.npmjs.org/post/188841555980/updates-to-community-docs-more (@ tiegz)
  • f4560626f update ISSUE_TEMPLATE with modern links (@ isaacs)
  • bc1c567ed update npm command doc feature request links (@ isaacs)
  • 0ad958fe1 #2381 (docs,test): assorted typo fixes (@ XhmikosR)

  TESTING

  • a92d310b7 #2361 Add max-len to lint rules (@ Edu93Jer)

  DEPENDENCIES

  • 4fc2f3e05 #2300 @ npmcli/config@1.2.8:
    • Support setting email without username/password
• 7.2.2 - 2023-12-06
• 7.2.1 - 2023-10-31
• 7.2.0 - 2023-10-03
• 7.1.0 - 2023-09-08
• 7.0.0 - 2023-08-31
• 7.0.0-pre.0 - 2023-08-31
• 6.5.1 - 2024-02-28
• 6.5.0 - 2023-10-06
• 6.4.0 - 2023-09-18
• 6.3.0 - 2023-07-05
• 6.2.10 - 2023-06-21
• 6.2.9 - 2023-05-03
• 6.2.8 - 2023-04-19
• 6.2.7 - 2023-04-05
• 6.2.6 - 2023-03-30
• 6.2.5 - 2023-03-08
• 6.2.4 - 2023-03-02
• 6.2.3 - 2023-02-22
• 6.2.2 - 2023-02-07
• 6.2.1 - 2023-02-02
• 6.2.0 - 2023-01-25
• 6.1.6 - 2023-01-12
• 6.1.5 - 2022-12-07
• 6.1.4 - 2022-11-30
• 6.1.3 - 2022-11-16
• 6.1.2 - 2022-11-09
• 6.1.1 - 2022-11-02
• 6.1.0 - 2022-10-26
• 6.0.0 - 2022-10-19
• 6.0.0-pre.5 - 2022-10-19
• 6.0.0-pre.4 - 2022-10-05
• 6.0.0-pre.3 - 2022-09-30
• 6.0.0-pre.2 - 2022-09-23
• 6.0.0-pre.1 - 2022-09-14
• 6.0.0-pre.0 - 2022-09-12
• 5.6.3 - 2022-11-03

from @npmcli/arborist GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.