chore(deps): [Security] Bump npm from 6.13.4 to 6.14.10#53
Closed
![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4)
Bumps [npm](https://github.com/npm/cli) from 6.13.4 to 6.14.10. **This update includes a security fix.** <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-93f3-23rq-pjfp">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Sensitive information exposure through logs in npm CLI</strong> Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like <code>://[[:]@][:][:][/]</code>. The password value is not redacted and is printed to stdout and also to any generated log files.</p> <p>Affected versions: < 6.14.6</p> </blockquote> </details> <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/npm/cli/releases">npm's releases</a>.</em></p> <blockquote> <h2>v6.14.10</h2> <h2>6.14.10 (2020-12-18)</h2> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/906d647e1cacd74243abcacba3bade80437f30f5"><code>906d647e1</code></a> <code>[email protected]</code> <ul> <li>fixes: <a href="https://github-redirect.dependabot.com/nodejs/node/issues/36445"><code>[#36445](https://github.com/npm/cli/issues/36445)</code></a> addressing <a href="https://securitylab.github.com/advisories/GHSL-2020-145-domenic-opener"><code>GHSL-2020-145</code></a></li> </ul> </li> </ul> <h2>v6.14.9</h2> <h2>6.14.9 (2020-11-20)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/4a91e48aa92be5b2739ebcdd8a9a841ff5cb6817"><code>4a91e48aa</code></a> fix: docs generation breaking builds</li> </ul> <h3>DEPENDDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/ab80a7cf092d52f4b055cc6d03c38b6115c4b582"><code>ab80a7cf0</code></a> <code>[email protected]</code> <ul> <li>dep update to resolve security issue <a href="https://github.com/advisories/GHSA-xgh6-85xh-479p">GHSA-xgh6-85xh-479p</a></li> </ul> </li> <li><a href="https://github.com/npm/cli/commit/6b2ab9d532ef8ffce326f4caa23eb27f83765acd"><code>6b2ab9d53</code></a> <code>[email protected]</code> <ul> <li>dep update to resolve security issue <a href="https://snyk.io/vuln/SNYK-JS-AJV-584908">SNYK-JS-AJV-584908</a></li> </ul> </li> </ul> <h2>v6.14.8</h2> <h2>6.14.8 (2020-08-17)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/9262e8c88f2f828206423928b8e21eea67f4801a"><code>9262e8c88</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1575">#1575</a> npm install --dev deprecation message (<a href="https://github.com/sandratatarevicova">@sandratatarevicova</a>)</li> <li><a href="https://github.com/npm/cli/commit/765cfe0bc05a10b72026291ff0ca7c9ca5cb3f57"><code>765cfe0bc</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/issues/1658">#1658</a> remove unused broken require (<a href="https://github.com/aduh95">@aduh95</a>)</li> <li><a href="https://github.com/npm/cli/commit/4e28de79a3a0aacc7603010a592beb448ceb6f5f"><code>4e28de79a</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1663">#1663</a> Do not send user secret in the referer header (<a href="https://github.com/assapir">@assapir</a>)</li> </ul> <h3>DOCUMENTATION</h3> <ul> <li><a href="https://github.com/npm/cli/commit/8abdf30c95ec90331456f3f2ed78e2703939bb74"><code>8abdf30c9</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1572">#1572</a> docs: add missing metadata in semver page (<a href="https://github.com/tripu">@tripu</a>)</li> <li><a href="https://github.com/npm/cli/commit/8cedcca464ced5aab58be83dd5049c3df13384de"><code>8cedcca46</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1614">#1614</a> Node-gyp supports both Python and legacy Python (<a href="https://github.com/cclauss">@cclauss</a>)</li> </ul> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/a303b75fd7c4b2644da02ad2ad46d80dfceec3c5"><code>a303b75fd</code></a> <code>[email protected]</code></li> <li><a href="https://github.com/npm/cli/commit/c48600832aff4cc349f59997e08dc4bbde15bd49"><code>c48600832</code></a> <code>[email protected]</code></li> <li><a href="https://github.com/npm/cli/commit/a6e9fc4df7092ba3eb5394193638b33c24855c36"><code>a6e9fc4df</code></a> <code>[email protected]</code></li> </ul> <h2>v6.14.7</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/de5108836189bddf28d4d3542f9bd5869cc5c2e9"><code>de5108836</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/784">#784</a> npm explore spawn shell correctly (<a href="https://github.com/jasisk">@jasisk</a>)</li> <li><a href="https://github.com/npm/cli/commit/36e6c01d334c4db75018bc6a4a0bef726fd41ce4"><code>36e6c01d3</code></a> git tag handling regression on shrinkwrap (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/1961c9369c92bf8fe530cecba9834ca3c7f5567c"><code>1961c9369</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/288">#288</a> Fix package id in shrinkwrap lifecycle step output (<a href="https://github.com/bz2">@bz2</a>)</li> <li><a href="https://github.com/npm/cli/commit/87888892a1282cc3edae968c3ae4ec279189271c"><code>87888892a</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1009">#1009</a> gracefully handle error during npm install (<a href="https://github.com/danielleadams">@danielleadams</a>)</li> <li><a href="https://github.com/npm/cli/commit/6fe2bdc25e7961956e5c0067fa4db54ff1bd0dbd"><code>6fe2bdc25</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1547">#1547</a> npm ls --parseable --long output (<a href="https://github.com/ruyadorno">@ruyadorno</a>)</li> </ul> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/2d78481c7ec178e628ce23df940f73a05d5c6367"><code>2d78481c7</code></a> update mkdirp on tacks (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/4e129d105eba3b12d474caa6e5ca216a98deb75a"><code>4e129d105</code></a> uninstall npm-registry-couchapp (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/8e1869e278d1dd37ddefd6b4e961d1bb17fc9d09"><code>8e1869e27</code></a> update marked dev dep (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> <li><a href="https://github.com/npm/cli/commit/6a6151f377063c6aca852c859c01910edd235ec6"><code>6a6151f37</code></a> <code>[email protected]</code> (<a href="https://github.com/claudiahdz">@claudiahdz</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/npm/cli/blob/v6.14.10/CHANGELOG.md">npm's changelog</a>.</em></p> <blockquote> <h2>6.14.10 (2020-12-18)</h2> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/906d647e1cacd74243abcacba3bade80437f30f5"><code>906d647e1</code></a> <code>[email protected]</code> <ul> <li>fixes: <a href="https://github-redirect.dependabot.com/nodejs/node/issues/36445"><code>[#36445](https://github.com/npm/cli/issues/36445)</code></a> addressing <a href="https://securitylab.github.com/advisories/GHSL-2020-145-domenic-opener"><code>GHSL-2020-145</code></a></li> </ul> </li> </ul> <h2>6.14.9 (2020-11-20)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/4a91e48aa92be5b2739ebcdd8a9a841ff5cb6817"><code>4a91e48aa</code></a> fix: docs generation breaking builds</li> </ul> <h3>DEPENDDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/ab80a7cf092d52f4b055cc6d03c38b6115c4b582"><code>ab80a7cf0</code></a> <code>[email protected]</code> <ul> <li>dep update to resolve security issue <a href="https://github.com/advisories/GHSA-xgh6-85xh-479p">GHSA-xgh6-85xh-479p</a></li> </ul> </li> <li><a href="https://github.com/npm/cli/commit/6b2ab9d532ef8ffce326f4caa23eb27f83765acd"><code>6b2ab9d53</code></a> <code>[email protected]</code> <ul> <li>dep update to resolve security issue <a href="https://snyk.io/vuln/SNYK-JS-AJV-584908">SNYK-JS-AJV-584908</a></li> </ul> </li> </ul> <h2>6.14.8 (2020-08-17)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/9262e8c88f2f828206423928b8e21eea67f4801a"><code>9262e8c88</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1575">#1575</a> npm install --dev deprecation message (<a href="https://github.com/sandratatarevicova">@sandratatarevicova</a>)</li> <li><a href="https://github.com/npm/cli/commit/765cfe0bc05a10b72026291ff0ca7c9ca5cb3f57"><code>765cfe0bc</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/issues/1658">#1658</a> remove unused broken require (<a href="https://github.com/aduh95">@aduh95</a>)</li> <li><a href="https://github.com/npm/cli/commit/4e28de79a3a0aacc7603010a592beb448ceb6f5f"><code>4e28de79a</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1663">#1663</a> Do not send user secret in the referer header (<a href="https://github.com/assapir">@assapir</a>)</li> </ul> <h3>DOCUMENTATION</h3> <ul> <li><a href="https://github.com/npm/cli/commit/8abdf30c95ec90331456f3f2ed78e2703939bb74"><code>8abdf30c9</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1572">#1572</a> docs: add missing metadata in semver page (<a href="https://github.com/tripu">@tripu</a>)</li> <li><a href="https://github.com/npm/cli/commit/8cedcca464ced5aab58be83dd5049c3df13384de"><code>8cedcca46</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1614">#1614</a> Node-gyp supports both Python and legacy Python (<a href="https://github.com/cclauss">@cclauss</a>)</li> </ul> <h3>DEPENDENCIES</h3> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/cli/commit/5caaff41f6748c7c2cbd8c34c3f4a399687806a5"><code>5caaff4</code></a> docs: changelog for 6.14.10</li> <li><a href="https://github.com/npm/cli/commit/07d6062d168ba2f82f0a100d51fd68c8d1a4dca7"><code>07d6062</code></a> 6.14.10</li> <li><a href="https://github.com/npm/cli/commit/3087a2b8707b18517ae6c7a3a272b8deec41b80f"><code>3087a2b</code></a> [email protected]</li> <li><a href="https://github.com/npm/cli/commit/addb68478255fec2d8a3fc6020e65cb97e4affd3"><code>addb684</code></a> 6.14.9</li> <li><a href="https://github.com/npm/cli/commit/ae0bdc8b61a166d347332e5539de253114ebeed8"><code>ae0bdc8</code></a> update AUTHORS</li> <li><a href="https://github.com/npm/cli/commit/fe6f437beae882ee1d9814800b49d96717cbb72c"><code>fe6f437</code></a> docs: changelog for 6.14.9</li> <li><a href="https://github.com/npm/cli/commit/ab80a7cf092d52f4b055cc6d03c38b6115c4b582"><code>ab80a7c</code></a> [email protected]</li> <li><a href="https://github.com/npm/cli/commit/4a91e48aa92be5b2739ebcdd8a9a841ff5cb6817"><code>4a91e48</code></a> fix: docs generation breaking builds</li> <li><a href="https://github.com/npm/cli/commit/6b2ab9d532ef8ffce326f4caa23eb27f83765acd"><code>6b2ab9d</code></a> [email protected]</li> <li><a href="https://github.com/npm/cli/commit/bd2721dbc3de13a5ba889eba50644475d80f6948"><code>bd2721d</code></a> Fix spelling of npm in bug templates (<a href="https://github-redirect.dependabot.com/npm/cli/issues/1701">#1701</a>)</li> <li>Additional commits viewable in <a href="https://github.com/npm/cli/compare/v6.13.4...v6.14.10">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~darcyclarke">darcyclarke</a>, a new releaser for npm since your current version.</p> </details> <br /> [](https://dependabot.com/compatibility-score/?dependency-name=npm&package-manager=npm_and_yarn&previous-version=6.13.4&new-version=6.14.10) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) </details>
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by dependabot-preview[bot] and has received 1 comments.
Add a comment
Comment form would go here