[Snyk] Upgrade npm from 6.4.1 to 6.14.9

[snyk-bot]

Snyk has created this PR to upgrade npm from 6.4.1 to 6.14.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 51 versions ahead of your current version.
• The recommended version was released a month ago, on 2020-11-20.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-NPM-537606	375/1000 Why? CVSS 7.5	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-NPM-537603	375/1000 Why? CVSS 7.5	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-BINLINKS-537610	375/1000 Why? CVSS 7.5	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-BINLINKS-537608	375/1000 Why? CVSS 7.5	Proof of Concept
	Denial of Service (DoS) npm:mem:20180117	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	375/1000 Why? CVSS 7.5	Proof of Concept
	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	375/1000 Why? CVSS 7.5	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	375/1000 Why? CVSS 7.5	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	375/1000 Why? CVSS 7.5	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-DOTPROP-543489	375/1000 Why? CVSS 7.5	Proof of Concept
	Unauthorized File Access SNYK-JS-NPM-537604	375/1000 Why? CVSS 7.5	Proof of Concept
	Unauthorized File Access SNYK-JS-BINLINKS-537609	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: npm

• 6.14.9 - 2020-11-20
  

  6.14.9 (2020-11-20)

  BUG FIXES

  • 4a91e48aa fix: docs generation breaking builds

  DEPENDDENCIES

  • ab80a7cf0 npm-user-validate@1.0.1
    • dep update to resolve security issue GHSA-xgh6-85xh-479p
  • 6b2ab9d53 har-validator@5.1.5
    • dep update to resolve security issue SNYK-JS-AJV-584908
• 6.14.8 - 2020-08-17
• 6.14.7 - 2020-07-21
• 6.14.6 - 2020-07-07
• 6.14.5 - 2020-05-04
• 6.14.4 - 2020-03-25
• 6.14.3 - 2020-03-19
• 6.14.2 - 2020-03-03
• 6.14.1 - 2020-02-27
• 6.14.0 - 2020-02-25
• 6.13.7 - 2020-01-28
• 6.13.6 - 2020-01-09
• 6.13.5 - 2020-01-09
• 6.13.4 - 2019-12-11
• 6.13.3 - 2019-12-10
• 6.13.2 - 2019-12-03
• 6.13.1 - 2019-11-18
• 6.13.0 - 2019-11-05
• 6.12.1 - 2019-10-29
• 6.12.0 - 2019-10-08
• 6.12.0-next.0 - 2019-09-26
• 6.11.3 - 2019-09-03
• 6.11.2 - 2019-08-22
• 6.11.1 - 2019-08-21
• 6.11.0 - 2019-08-20
• 6.10.3 - 2019-08-06
• 6.10.2 - 2019-07-23
• 6.10.2-next.3 - 2019-07-22
• 6.10.2-next.2 - 2019-07-21
• 6.10.2-next.1 - 2019-07-17
• 6.10.2-next.0 - 2019-07-16
• 6.10.1 - 2019-07-11
• 6.10.1-next.2 - 2019-07-10
• 6.10.1-next.1 - 2019-07-03
• 6.10.1-next.0 - 2019-07-03
• 6.10.0 - 2019-07-03
• 6.10.0-next.0 - 2019-07-01
• 6.9.2 - 2019-06-27
• 6.9.1-next.0 - 2019-03-20
• 6.9.0 - 2019-03-06
• 6.9.0-next.0 - 2019-02-21
• 6.8.0 - 2019-02-13
• 6.8.0-next.2 - 2019-02-07
• 6.8.0-next.1 - 2019-02-06
• 6.8.0-next.0 - 2019-01-31
• 6.7.0 - 2019-01-23
• 6.6.0 - 2019-01-17
• 6.6.0-next.1 - 2019-01-10
• 6.6.0-next.0 - 2018-12-12
• 6.5.0 - 2018-12-10
• 6.5.0-next.0 - 2018-11-28
• 6.4.1 - 2018-08-29

from npm GitHub release notes

Commit messages

Package name: npm

• addb684 6.14.9
• ae0bdc8 update AUTHORS
• fe6f437 docs: changelog for 6.14.9
• ab80a7c npm-user-validate@1.0.1
• 4a91e48 fix: docs generation breaking builds
• 6b2ab9d har-validator@5.1.5
• bd2721d Fix spelling of npm in bug templates (Manual gas limits for upcoming _ ARXT and EPX sale MyEtherWallet/etherwallet#1701)
• 39a25ae 6.14.8
• d4e6e41 update AUTHORS
• e2abf49 docs: changelog for 6.14.8
• 807443f test: fix missing JSON.stringify
• b72920f chore: Do not send user secret in the referer header
• 376bc08 fix: remove unused broken require
• 956077a Node-gyp supports both Python and legacy Python
• f5da2b9 fix: npm install --dev deprecation message
• 42dcb3e Docs: add missing metadata in semver page
• c605266 test: increase whoami with bearer auth timeout
• 620b0ff meant@1.0.2
• 1a2daa5 npm-registry-fetch@4.0.7
• 9b273f0 update-notifier@2.5.0
• dc001af fix: typo in v6 issue template
• cf61302 chore: fix up issue templates
• f54c465 Update bug_7.md
• f468036 chore: rename bug template for v7

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs