[Snyk] Fix for 1 vulnerabilities

[thebpc]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: npm-registry-fetch

The new version differs by 21 commits.

• d370dba chore(release): 6.0.0
• 8c6622f chore: make-fetch-happen 7.1.0
• 5813da6 fix: detect CI so our tests don't fail in CI
• 3de1695 chore: replace nyc config with tap config
• e18ed22 chore: bump make-fetch-happen to v7
• 62f81a2 chore: bump ssri to v7
• 8ccfa8a fix: Use WhatWG URLs instead of url.parse
• 510b125 chore: normalize settings, drop old nodes, update deps
• 622afb4 chore(release): 5.0.1
• 7aa14fd deps: update all deps
• 5764c15 deps: npm-package-arg@7
• 786f092 chore(release): 5.0.0
• 41ff216 chore: update travis config
• 39e5cfe doc: fix badge url
• 97c1208 chore: update tap, improve offline/prefer-offline tests
• 82abf26 chore: Add missing tests and clean up dead code
• 90ac7b1 fix: prefer const in getAuth function
• e64702e fix: use minizlib instead of core zlib
• 5cfe30b test: add string query example to test
• e7286f7 fix!: Use native Promises
• bb37f20 feat: refactor to use Minipass streams

See the full diff

Package name: pacote

The new version differs by 115 commits.

• e88f844 10.3.0
• b21dd92 update semver
• d8ab8cf update npm-packlist
• 361f0b3 update tap
• c4bbf23 test: make the remote timeout test time out forever
• b4ea91f npm-registry-fetch 6.0.0
• 591edd8 @ npmcli/installed-package-contents@1.0.5
• 5ce1093 test: make remote timeout test more reliably time out
• 48fc9b8 use WhatWG URL instead of url.parse
• e515bce Update deps, float patch for npm-registry-fetch
• cf50f54 update @ npmcli/installed-package-contents, require node >=10
• 698e996 Extract: rimraf dir contents, not dir itself
• e568305 add @ npmcli/installed-package-contents module
• e8a80d7 upgrade all deps
• dfccb4f remove extraneous isNaN checking in git opts
• e33c9ce 10.2.1
• bad55cd fix: Do not drop perms in git when not root
• ccc9e20 bin: only add log listener once
• 8a8cd6a 10.2.0
• e8c274c registry: verify integrity when loading manifest
• f28888e bin: Only JSON.stringify by default if an object
• 0018eda 10.1.6
• fc1053f git: prefer git+https over git+ssh for hosted repo
• 9d2ce90 10.1.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)