chore(deps): [Security] Bump npm from 6.13.4 to 6.14.8#44
Closed
![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4)
Bumps [npm](https://github.com/npm/cli) from 6.13.4 to 6.14.8. **This update includes a security fix.** <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-93f3-23rq-pjfp">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Sensitive information exposure through logs in npm CLI</strong> Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like <code>://[[:]@][:][:][/]</code>. The password value is not redacted and is printed to stdout and also to any generated log files.</p> <p>Affected versions: < 6.14.6</p> </blockquote> </details> <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/npm/cli/releases">npm's releases</a>.</em></p> <blockquote> <h2>v6.14.8</h2> <h2>6.14.8 (2020-08-17)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/9262e8c88f2f828206423928b8e21eea67f4801a"><code>9262e8c88</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1575">#1575</a> npm install --dev deprecation message (<a href="https://github.com/sandratatarevicova">@sandratatarevicova</a>)</li> <li><a href="https://github.com/npm/cli/commit/765cfe0bc05a10b72026291ff0ca7c9ca5cb3f57"><code>765cfe0bc</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/issues/1658">#1658</a> remove unused broken require (<a href="https://github.com/aduh95">@aduh95</a>)</li> <li><a href="https://github.com/npm/cli/commit/4e28de79a3a0aacc7603010a592beb448ceb6f5f"><code>4e28de79a</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1663">#1663</a> Do not send user secret in the referer header (<a href="https://github.com/assapir">@assapir</a>)</li> </ul> <h3>DOCUMENTATION</h3> <ul> <li><a href="https://github.com/npm/cli/commit/8abdf30c95ec90331456f3f2ed78e2703939bb74"><code>8abdf30c9</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1572">#1572</a> docs: add missing metadata in semver page (<a href="https://github.com/tripu">@tripu</a>)</li> <li><a href="https://github.com/npm/cli/commit/8cedcca464ced5aab58be83dd5049c3df13384de"><code>8cedcca46</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1614">#1614</a> Node-gyp supports both Python and legacy Python (<a href="https://github.com/cclauss">@cclauss</a>)</li> </ul> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/a303b75fd7c4b2644da02ad2ad46d80dfceec3c5"><code>a303b75fd</code></a> <code>[email protected]</code></li> <li><a href="https://github.com/npm/cli/commit/c48600832aff4cc349f59997e08dc4bbde15bd49"><code>c48600832</code></a> <code>[email protected]</code></li> <li><a href="https://github.com/npm/cli/commit/a6e9fc4df7092ba3eb5394193638b33c24855c36"><code>a6e9fc4df</code></a> <code>[email protected]</code></li> </ul> <h2>v6.14.7</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/de5108836189bddf28d4d3542f9bd5869cc5c2e9"><code>de5108836</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/784">#784</a> npm explore spawn shell correctly (<a href="https://github.com/jasisk">@jasisk</a>)</li> <li><a href="https://github.com/npm/cli/commit/36e6c01d334c4db75018bc6a4a0bef726fd41ce4"><code>36e6c01d3</code></a> git tag handling regression on shrinkwrap (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/1961c9369c92bf8fe530cecba9834ca3c7f5567c"><code>1961c9369</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/288">#288</a> Fix package id in shrinkwrap lifecycle step output (<a href="https://github.com/bz2">@bz2</a>)</li> <li><a href="https://github.com/npm/cli/commit/87888892a1282cc3edae968c3ae4ec279189271c"><code>87888892a</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1009">#1009</a> gracefully handle error during npm install (<a href="https://github.com/danielleadams">@danielleadams</a>)</li> <li><a href="https://github.com/npm/cli/commit/6fe2bdc25e7961956e5c0067fa4db54ff1bd0dbd"><code>6fe2bdc25</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1547">#1547</a> npm ls --parseable --long output (<a href="https://github.com/ruyadorno">@ruyadorno</a>)</li> </ul> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/2d78481c7ec178e628ce23df940f73a05d5c6367"><code>2d78481c7</code></a> update mkdirp on tacks (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/4e129d105eba3b12d474caa6e5ca216a98deb75a"><code>4e129d105</code></a> uninstall npm-registry-couchapp (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/8e1869e278d1dd37ddefd6b4e961d1bb17fc9d09"><code>8e1869e27</code></a> update marked dev dep (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/6a6151f377063c6aca852c859c01910edd235ec6"><code>6a6151f37</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/dc21422eb1ca1a4a19f160fad0e924566e08c496"><code>dc21422eb</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/d341f88ce6feb3df1dcb37f34910fcc6c1db85f2"><code>d341f88ce</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/3e168d49b41574809cae2ad013776a00d3f20ff4"><code>3e168d49b</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/6ae942a510520b7dff11b5b78eebeff1706e38af"><code>6ae942a51</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/6a35e3deec275bf2ae76603acd424a0640458047"><code>6a35e3dee</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> </ul> <h2>v6.14.6</h2> <h2>6.14.6 (2020-07-07)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc"><code>a9857b8f6</code></a> chore: remove auth info from logs (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/b7ad77598112908d60195d0fbc472b3c84275fd5"><code>b7ad77598</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1416">#1416</a> fix: wrong <code>npm doctor</code> command result (<a href="https://github.com/vanishcode">@vanishcode</a>)</li> </ul> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/94eca637756376b949edfb697e179a1fdcc231ee"><code>94eca6377</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/c49b6ae28791ff7184288be16654f97168aa9705"><code>c49b6ae28</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1418">#1418</a> <code>[email protected]</code> (<a href="https://github.com/kemitchell">@kemitchell</a>)</li> </ul> <h2>v6.14.5</h2> <h2>6.14.5 (2020-05-04)</h2> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/npm/cli/blob/latest/CHANGELOG.md">npm's changelog</a>.</em></p> <blockquote> <h2>6.14.8 (2020-08-17)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/9262e8c88f2f828206423928b8e21eea67f4801a"><code>9262e8c88</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1575">#1575</a> npm install --dev deprecation message (<a href="https://github.com/sandratatarevicova">@sandratatarevicova</a>)</li> <li><a href="https://github.com/npm/cli/commit/765cfe0bc05a10b72026291ff0ca7c9ca5cb3f57"><code>765cfe0bc</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/issues/1658">#1658</a> remove unused broken require (<a href="https://github.com/aduh95">@aduh95</a>)</li> <li><a href="https://github.com/npm/cli/commit/4e28de79a3a0aacc7603010a592beb448ceb6f5f"><code>4e28de79a</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1663">#1663</a> Do not send user secret in the referer header (<a href="https://github.com/assapir">@assapir</a>)</li> </ul> <h3>DOCUMENTATION</h3> <ul> <li><a href="https://github.com/npm/cli/commit/8abdf30c95ec90331456f3f2ed78e2703939bb74"><code>8abdf30c9</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1572">#1572</a> docs: add missing metadata in semver page (<a href="https://github.com/tripu">@tripu</a>)</li> <li><a href="https://github.com/npm/cli/commit/8cedcca464ced5aab58be83dd5049c3df13384de"><code>8cedcca46</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1614">#1614</a> Node-gyp supports both Python and legacy Python (<a href="https://github.com/cclauss">@cclauss</a>)</li> </ul> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/a303b75fd7c4b2644da02ad2ad46d80dfceec3c5"><code>a303b75fd</code></a> <code>[email protected]</code></li> <li><a href="https://github.com/npm/cli/commit/c48600832aff4cc349f59997e08dc4bbde15bd49"><code>c48600832</code></a> <code>[email protected]</code></li> <li><a href="https://github.com/npm/cli/commit/a6e9fc4df7092ba3eb5394193638b33c24855c36"><code>a6e9fc4df</code></a> <code>[email protected]</code>:</li> </ul> <h2>6.14.7 (2020-07-21)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/de5108836189bddf28d4d3542f9bd5869cc5c2e9"><code>de5108836</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/784">#784</a> npm explore spawn shell correctly (<a href="https://github.com/jasisk">@jasisk</a>)</li> <li><a href="https://github.com/npm/cli/commit/36e6c01d334c4db75018bc6a4a0bef726fd41ce4"><code>36e6c01d3</code></a> git tag handling regression on shrinkwrap (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/1961c9369c92bf8fe530cecba9834ca3c7f5567c"><code>1961c9369</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/288">#288</a> Fix package id in shrinkwrap lifecycle step output (<a href="https://github.com/bz2">@bz2</a>)</li> <li><a href="https://github.com/npm/cli/commit/87888892a1282cc3edae968c3ae4ec279189271c"><code>87888892a</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1009">#1009</a> gracefully handle error during npm install (<a href="https://github.com/danielleadams">@danielleadams</a>)</li> <li><a href="https://github.com/npm/cli/commit/6fe2bdc25e7961956e5c0067fa4db54ff1bd0dbd"><code>6fe2bdc25</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1547">#1547</a> npm ls --parseable --long output (<a href="https://github.com/ruyadorno">@ruyadorno</a>)</li> </ul> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/2d78481c7ec178e628ce23df940f73a05d5c6367"><code>2d78481c7</code></a> update mkdirp on tacks (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/4e129d105eba3b12d474caa6e5ca216a98deb75a"><code>4e129d105</code></a> uninstall npm-registry-couchapp (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/8e1869e278d1dd37ddefd6b4e961d1bb17fc9d09"><code>8e1869e27</code></a> update marked dev dep (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/6a6151f377063c6aca852c859c01910edd235ec6"><code>6a6151f37</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/dc21422eb1ca1a4a19f160fad0e924566e08c496"><code>dc21422eb</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/d341f88ce6feb3df1dcb37f34910fcc6c1db85f2"><code>d341f88ce</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/cli/commit/39a25ae560d17393b2a7b8fbc2abc424654604b7"><code>39a25ae</code></a> 6.14.8</li> <li><a href="https://github.com/npm/cli/commit/d4e6e41bdcf7501293bbfc2f3e5657bb83940a6e"><code>d4e6e41</code></a> update AUTHORS</li> <li><a href="https://github.com/npm/cli/commit/e2abf495a29ff137820898461c14885247b6770c"><code>e2abf49</code></a> docs: changelog for 6.14.8</li> <li><a href="https://github.com/npm/cli/commit/807443ff8027a8784a35d4db256d597073de7576"><code>807443f</code></a> test: fix missing JSON.stringify</li> <li><a href="https://github.com/npm/cli/commit/b72920f42c24ed7781c76b67219e9a6cceb220a8"><code>b72920f</code></a> chore: Do not send user secret in the referer header</li> <li><a href="https://github.com/npm/cli/commit/376bc08b6ae1eb162c69ea63f086c7fc4a2dc189"><code>376bc08</code></a> fix: remove unused broken require</li> <li><a href="https://github.com/npm/cli/commit/956077a267345d2fd795bbfabff3a9df3e033f85"><code>956077a</code></a> Node-gyp supports both Python and legacy Python</li> <li><a href="https://github.com/npm/cli/commit/f5da2b9fade661ea14edb1cbd1bcff88b4ecf26c"><code>f5da2b9</code></a> fix: npm install --dev deprecation message</li> <li><a href="https://github.com/npm/cli/commit/42dcb3e1e3b49c8ca9677a7e7f9fe20b5ac99b56"><code>42dcb3e</code></a> Docs: add missing metadata in semver page</li> <li><a href="https://github.com/npm/cli/commit/c605266dc74ceb896a57c42e4cc999b5aed80665"><code>c605266</code></a> test: increase whoami with bearer auth timeout</li> <li>Additional commits viewable in <a href="https://github.com/npm/cli/compare/v6.13.4...v6.14.8">compare view</a></li> </ul> </details> <br /> [](https://dependabot.com/compatibility-score/?dependency-name=npm&package-manager=npm_and_yarn&previous-version=6.13.4&new-version=6.14.8) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) </details>
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by dependabot-preview[bot] and has received 1 comments.
Add a comment
Comment form would go here