[Snyk] Upgrade npm from 6.4.1 to 6.14.12 #38

snyk-bot · 2021-04-17T03:07:57Z

Snyk has created this PR to upgrade npm from 6.4.1 to 6.14.12.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 54 versions ahead of your current version.
The recommended version was released 22 days ago, on 2021-03-25.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-NPM-537606	375/1000 Why? CVSS 7.5	Proof of Concept
Arbitrary File Overwrite SNYK-JS-NPM-537603	375/1000 Why? CVSS 7.5	Proof of Concept
Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-BINLINKS-537610	375/1000 Why? CVSS 7.5	Proof of Concept
Arbitrary File Overwrite SNYK-JS-BINLINKS-537608	375/1000 Why? CVSS 7.5	Proof of Concept
Denial of Service (DoS) npm:mem:20180117	375/1000 Why? CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-YARGSPARSER-560381	375/1000 Why? CVSS 7.5	Proof of Concept
Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	375/1000 Why? CVSS 7.5	No Known Exploit
Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	375/1000 Why? CVSS 7.5	No Known Exploit
Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	375/1000 Why? CVSS 7.5	No Known Exploit
Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-DOTPROP-543489	375/1000 Why? CVSS 7.5	Proof of Concept
Unauthorized File Access SNYK-JS-NPM-537604	375/1000 Why? CVSS 7.5	Proof of Concept
Unauthorized File Access SNYK-JS-BINLINKS-537609	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: npm

6.14.12 - 2021-03-25
6.14.12 (2021-03-25)

DEPENDENCIES
- e47654048 #2737 Update y18n to fix CVE-2020-7774 (@ vecerek)
6.14.11 - 2021-01-08
6.14.10 - 2020-12-18
6.14.9 - 2020-11-20
6.14.8 - 2020-08-17
6.14.7 - 2020-07-21
6.14.6 - 2020-07-07
6.14.5 - 2020-05-04
6.14.4 - 2020-03-25
6.14.3 - 2020-03-19
6.14.2 - 2020-03-03
6.14.1 - 2020-02-27
6.14.0 - 2020-02-25
6.13.7 - 2020-01-28
6.13.6 - 2020-01-09
6.13.5 - 2020-01-09
6.13.4 - 2019-12-11
6.13.3 - 2019-12-10
6.13.2 - 2019-12-03
6.13.1 - 2019-11-18
6.13.0 - 2019-11-05
6.12.1 - 2019-10-29
6.12.0 - 2019-10-08
6.12.0-next.0 - 2019-09-26
6.11.3 - 2019-09-03
6.11.2 - 2019-08-22
6.11.1 - 2019-08-21
6.11.0 - 2019-08-20
6.10.3 - 2019-08-06
6.10.2 - 2019-07-23
6.10.2-next.3 - 2019-07-22
6.10.2-next.2 - 2019-07-21
6.10.2-next.1 - 2019-07-17
6.10.2-next.0 - 2019-07-16
6.10.1 - 2019-07-11
6.10.1-next.2 - 2019-07-10
6.10.1-next.1 - 2019-07-03
6.10.1-next.0 - 2019-07-03
6.10.0 - 2019-07-03
6.10.0-next.0 - 2019-07-01
6.9.2 - 2019-06-27
6.9.1-next.0 - 2019-03-20
6.9.0 - 2019-03-06
6.9.0-next.0 - 2019-02-21
6.8.0 - 2019-02-13
6.8.0-next.2 - 2019-02-07
6.8.0-next.1 - 2019-02-06
6.8.0-next.0 - 2019-01-31
6.7.0 - 2019-01-23
6.6.0 - 2019-01-17
6.6.0-next.1 - 2019-01-10
6.6.0-next.0 - 2018-12-12
6.5.0 - 2018-12-10
6.5.0-next.0 - 2018-11-28
6.4.1 - 2018-08-29

from npm GitHub release notes

Commit messages

Package name: npm

f96fa10 6.14.12
98fca2d update AUTHORS
cc322b6 test: patch git init call
d1161fb docs: changelog for v6.14.12
e476540 Update y18n to fix CVE-2020-7774
792869f 6.14.11
afb3c9e update AUTHORS
7f14d64 docs: changelog for v6.14.11
c0f8ce8 Add s390x, ppc64 and ppc64el in supported cpu list
1d235b2 docs: update link to CLI issues
7a05740 bl@3.0.1
19108ca ini@1.3.8
5caaff4 docs: changelog for 6.14.10
07d6062 6.14.10
3087a2b opener@1.5.2
addb684 6.14.9
ae0bdc8 update AUTHORS
fe6f437 docs: changelog for 6.14.9
ab80a7c npm-user-validate@1.0.1
4a91e48 fix: docs generation breaking builds
6b2ab9d har-validator@5.1.5
bd2721d Fix spelling of npm in bug templates (Manual gas limits for upcoming _ ARXT and EPX sale MyEtherWallet/etherwallet#1701)
39a25ae 6.14.8
d4e6e41 update AUTHORS