chore(deps): [Security] Bump npm from 6.13.4 to 6.14.11#54
Closed
![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4)
Bumps [npm](https://github.com/npm/cli) from 6.13.4 to 6.14.11. **This update includes a security fix.** <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-93f3-23rq-pjfp">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Sensitive information exposure through logs in npm CLI</strong> Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like <code>://[[:]@][:][:][/]</code>. The password value is not redacted and is printed to stdout and also to any generated log files.</p> <p>Affected versions: < 6.14.6</p> </blockquote> </details> <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/npm/cli/releases">npm's releases</a>.</em></p> <blockquote> <h2>v6.14.11</h2> <h2>6.14.11 (2021-01-07)</h2> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/19108ca5be1b3e7e9787dac3131aafe2722c6218"><code>19108ca5b</code></a> <code>[email protected]</code></li> <li><a href="https://github.com/npm/cli/commit/7a05740743ac9d9229e2dc9e1b9ca8b57d58c789"><code>7a0574074</code></a> <code>[email protected]</code> - devDep</li> </ul> <h3>DOCUMENTATION</h3> <ul> <li><a href="https://github.com/npm/cli/commit/1d235b230b44c5b97236cf42c6e5be18419b3263"><code>1d235b230</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1881">#1881</a> docs: update link to CLI issues</li> </ul> <h3>TESTING</h3> <ul> <li><a href="https://github.com/npm/cli/commit/c0f8ce8fe0924ea9754d1163ea81a3d59af51b43"><code>c0f8ce8fe</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1751">#1751</a> add s390x, ppc64 and ppc64el in supported cpu list</li> </ul> <h2>v6.14.10</h2> <h2>6.14.10 (2020-12-18)</h2> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/906d647e1cacd74243abcacba3bade80437f30f5"><code>906d647e1</code></a> <code>[email protected]</code> <ul> <li>fixes: <a href="https://github-redirect.dependabot.com/nodejs/node/issues/36445"><code>[#36445](https://github.com/npm/cli/issues/36445)</code></a> addressing <a href="https://securitylab.github.com/advisories/GHSL-2020-145-domenic-opener"><code>GHSL-2020-145</code></a></li> </ul> </li> </ul> <h2>v6.14.9</h2> <h2>6.14.9 (2020-11-20)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/4a91e48aa92be5b2739ebcdd8a9a841ff5cb6817"><code>4a91e48aa</code></a> fix: docs generation breaking builds</li> </ul> <h3>DEPENDDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/ab80a7cf092d52f4b055cc6d03c38b6115c4b582"><code>ab80a7cf0</code></a> <code>[email protected]</code> <ul> <li>dep update to resolve security issue <a href="https://github.com/advisories/GHSA-xgh6-85xh-479p">GHSA-xgh6-85xh-479p</a></li> </ul> </li> <li><a href="https://github.com/npm/cli/commit/6b2ab9d532ef8ffce326f4caa23eb27f83765acd"><code>6b2ab9d53</code></a> <code>[email protected]</code> <ul> <li>dep update to resolve security issue <a href="https://snyk.io/vuln/SNYK-JS-AJV-584908">SNYK-JS-AJV-584908</a></li> </ul> </li> </ul> <h2>v6.14.8</h2> <h2>6.14.8 (2020-08-17)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/9262e8c88f2f828206423928b8e21eea67f4801a"><code>9262e8c88</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1575">#1575</a> npm install --dev deprecation message (<a href="https://github.com/sandratatarevicova">@sandratatarevicova</a>)</li> <li><a href="https://github.com/npm/cli/commit/765cfe0bc05a10b72026291ff0ca7c9ca5cb3f57"><code>765cfe0bc</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/issues/1658">#1658</a> remove unused broken require (<a href="https://github.com/aduh95">@aduh95</a>)</li> <li><a href="https://github.com/npm/cli/commit/4e28de79a3a0aacc7603010a592beb448ceb6f5f"><code>4e28de79a</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1663">#1663</a> Do not send user secret in the referer header (<a href="https://github.com/assapir">@assapir</a>)</li> </ul> <h3>DOCUMENTATION</h3> <ul> <li><a href="https://github.com/npm/cli/commit/8abdf30c95ec90331456f3f2ed78e2703939bb74"><code>8abdf30c9</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1572">#1572</a> docs: add missing metadata in semver page (<a href="https://github.com/tripu">@tripu</a>)</li> <li><a href="https://github.com/npm/cli/commit/8cedcca464ced5aab58be83dd5049c3df13384de"><code>8cedcca46</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1614">#1614</a> Node-gyp supports both Python and legacy Python (<a href="https://github.com/cclauss">@cclauss</a>)</li> </ul> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/a303b75fd7c4b2644da02ad2ad46d80dfceec3c5"><code>a303b75fd</code></a> <code>[email protected]</code></li> <li><a href="https://github.com/npm/cli/commit/c48600832aff4cc349f59997e08dc4bbde15bd49"><code>c48600832</code></a> <code>[email protected]</code></li> <li><a href="https://github.com/npm/cli/commit/a6e9fc4df7092ba3eb5394193638b33c24855c36"><code>a6e9fc4df</code></a> <code>[email protected]</code></li> </ul> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/npm/cli/blob/v6.14.11/CHANGELOG.md">npm's changelog</a>.</em></p> <blockquote> <h2>6.14.11 (2021-01-07)</h2> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/19108ca5be1b3e7e9787dac3131aafe2722c6218"><code>19108ca5b</code></a> <code>[email protected]</code>: <ul> <li>addressing <a href="https://github.com/advisories/GHSA-qqgx-2p2h-9c37"><code>CVE-2020-7788</code></a></li> </ul> </li> <li><a href="https://github.com/npm/cli/commit/7a05740743ac9d9229e2dc9e1b9ca8b57d58c789"><code>7a0574074</code></a> <code>[email protected]</code> <ul> <li>addressing <a href="https://github.com/advisories/GHSA-pp7h-53gx-mx7r"><code>CVE-2020-8244</code></a></li> </ul> </li> </ul> <h2>6.14.10 (2020-12-18)</h2> <h3>DEPENDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/906d647e1cacd74243abcacba3bade80437f30f5"><code>906d647e1</code></a> <code>[email protected]</code> <ul> <li>fixes: <a href="https://github-redirect.dependabot.com/nodejs/node/issues/36445"><code>[#36445](https://github.com/npm/cli/issues/36445)</code></a> addressing <a href="https://securitylab.github.com/advisories/GHSL-2020-145-domenic-opener"><code>GHSL-2020-145</code></a></li> </ul> </li> </ul> <h2>6.14.9 (2020-11-20)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/4a91e48aa92be5b2739ebcdd8a9a841ff5cb6817"><code>4a91e48aa</code></a> fix: docs generation breaking builds</li> </ul> <h3>DEPENDDENCIES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/ab80a7cf092d52f4b055cc6d03c38b6115c4b582"><code>ab80a7cf0</code></a> <code>[email protected]</code> <ul> <li>dep update to resolve security issue <a href="https://github.com/advisories/GHSA-xgh6-85xh-479p">GHSA-xgh6-85xh-479p</a></li> </ul> </li> <li><a href="https://github.com/npm/cli/commit/6b2ab9d532ef8ffce326f4caa23eb27f83765acd"><code>6b2ab9d53</code></a> <code>[email protected]</code> <ul> <li>dep update to resolve security issue <a href="https://snyk.io/vuln/SNYK-JS-AJV-584908">SNYK-JS-AJV-584908</a></li> </ul> </li> </ul> <h2>6.14.8 (2020-08-17)</h2> <h3>BUG FIXES</h3> <ul> <li><a href="https://github.com/npm/cli/commit/9262e8c88f2f828206423928b8e21eea67f4801a"><code>9262e8c88</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1575">#1575</a> npm install --dev deprecation message (<a href="https://github.com/sandratatarevicova">@sandratatarevicova</a>)</li> <li><a href="https://github.com/npm/cli/commit/765cfe0bc05a10b72026291ff0ca7c9ca5cb3f57"><code>765cfe0bc</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/issues/1658">#1658</a> remove unused broken require (<a href="https://github.com/aduh95">@aduh95</a>)</li> <li><a href="https://github.com/npm/cli/commit/4e28de79a3a0aacc7603010a592beb448ceb6f5f"><code>4e28de79a</code></a> <a href="https://github-redirect.dependabot.com/npm/cli/pull/1663">#1663</a> Do not send user secret in the referer header (<a href="https://github.com/assapir">@assapir</a>)</li> </ul> <h3>DOCUMENTATION</h3> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/cli/commit/ef5b0d368182aaebf87be053fc5a1b8f7deccadc"><code>ef5b0d3</code></a> 6.14.11</li> <li><a href="https://github.com/npm/cli/commit/121a6f2a46655d7549157edf516224c9d3f66891"><code>121a6f2</code></a> update AUTHORS</li> <li><a href="https://github.com/npm/cli/commit/7f14d6435f8b7553bc4a6fc4c20c4727a307596b"><code>7f14d64</code></a> docs: changelog for v6.14.11</li> <li><a href="https://github.com/npm/cli/commit/c0f8ce8fe0924ea9754d1163ea81a3d59af51b43"><code>c0f8ce8</code></a> Add s390x, ppc64 and ppc64el in supported cpu list</li> <li><a href="https://github.com/npm/cli/commit/1d235b230b44c5b97236cf42c6e5be18419b3263"><code>1d235b2</code></a> docs: update link to CLI issues</li> <li><a href="https://github.com/npm/cli/commit/7a05740743ac9d9229e2dc9e1b9ca8b57d58c789"><code>7a05740</code></a> [email protected]</li> <li><a href="https://github.com/npm/cli/commit/19108ca5be1b3e7e9787dac3131aafe2722c6218"><code>19108ca</code></a> [email protected]</li> <li><a href="https://github.com/npm/cli/commit/5caaff41f6748c7c2cbd8c34c3f4a399687806a5"><code>5caaff4</code></a> docs: changelog for 6.14.10</li> <li><a href="https://github.com/npm/cli/commit/07d6062d168ba2f82f0a100d51fd68c8d1a4dca7"><code>07d6062</code></a> 6.14.10</li> <li><a href="https://github.com/npm/cli/commit/3087a2b8707b18517ae6c7a3a272b8deec41b80f"><code>3087a2b</code></a> [email protected]</li> <li>Additional commits viewable in <a href="https://github.com/npm/cli/compare/v6.13.4...v6.14.11">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~darcyclarke">darcyclarke</a>, a new releaser for npm since your current version.</p> </details> <br /> [](https://dependabot.com/compatibility-score/?dependency-name=npm&package-manager=npm_and_yarn&previous-version=6.13.4&new-version=6.14.11) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) </details>
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by dependabot-preview[bot] and has received 1 comments.
Add a comment
Comment form would go here