[Snyk] Upgrade npm from 7.0.7 to 8.15.1 #9

MarcelRaschke · 2022-08-20T20:03:46Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade npm from 7.0.7 to 8.15.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 100 versions ahead of your current version.
The recommended version was released 24 days ago, on 2022-07-27.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-NPMCLIARBORIST-1579181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-NPMCLIARBORIST-1579165	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Command Injection SNYK-JS-NPMCLIGIT-1536784	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Open Redirect SNYK-JS-GOT-2932019	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: npm

8.15.1 - 2022-07-27
v8.15.1 (2022-07-27)

Bug Fixes
- 9905d0e #5197 fix: don't fail immediately if cache dir is not accessible (@ lukekarrys)
- 0e3660e #5206 fix(init): allow for spec on scope-only arg (@ wraithgar)
- 62b95a0 #5122 fix: allow hash character in paths (@ AgainPsychoX)
Documentation
- f9abee7 #5205 docs: update commit-ish default branch (@ dijonkitchen)
- 77bf2e1 #5218 docs: update npm-ls.md (@ MapleCCC)
- de40c31 #5207 docs: sync ci params with install (@ wraithgar)
- 4d1d8a9 #5221 docs: describe implicit workspace and prefix configuration (@ fritzy) (@ lukekarrys) (@ wraithgar)
Dependencies
- 3bbb293 #5223 deps: @ npmcli/[email protected]
8.15.0 - 2022-07-20
v8.15.0 (2022-07-20)

Features
- 5ef53ee #5160 feat: accept registry-scoped certfile and keyfile as credentials (@ jenseng)
- c8bdb4a #5098 feat: Support pure web authentication for commands (@ jumoel) (@ ljharb) (@ hfaulds) (@ sandeepmeduru)
Bug Fixes
- 9c590fa #5172 fix: disable progress bar on publish (@ wraithgar)
- 2fa3271 #5196 fix: add missing ` in adduser warning (@ MylesBorins)
Documentation
- 7efad06 #5168 docs: Update audit signatures cmd (@ feelepxyz)
- 8ab5fca #5171 docs: correct bundledDependencies -> bundleDependencies (@ nlf)
Dependencies
- 64fe64b #5187 deps: @ npmcli/[email protected]
- 51b12a0 #5187 deps: [email protected]
- 3ae1b81 #5190 deps: [email protected]
8.14.0 - 2022-07-13
v8.14.0 (2022-07-13)

Features
- f032e1c #4827 feat: add npm audit signatures (@ feelepxyz)
- e8102c1 #5076 feat: Add web auth type (@ jumoel)
- e9b4214 #5094 feat(arborist): add support for dependencies script (@ nlf)
- c6c4ba3 #5149 feat: notify on adduser of upcoming cmds, login and register (@ fritzy)
- e58f02f #5149 feat: warn on config --auth-type=sso/saml/oauth, undeprecate --auth-type (@ fritzy)
Bug Fixes
- 52ec5ec #5154 fix: properly open package arg repo inside workspace (@ wraithgar)
Documentation
- 9697f16 #5118 docs: typo in npm command (@ crisanmm)
- da5a4ba #5079 docs: update reference to deprecated spdx package (@ kachick)
- 25b3058 #5043 docs: naming of files in example code should be consistent (@ xc1427)
- ac56fc4 #5095 docs: document dependencies script (@ nlf)
Dependencies
- cb0db7c #5147 deps: @ npmcli/[email protected]
- b8c0580 #5156 deps: [email protected]
- ad72611 #5156 deps: [email protected]
- c94919d #5156 deps: [email protected]
- 18ddc57 #5156 deps: [email protected]
- a2d700b #5156 deps: [email protected]
- 99dc697 #5156 deps: @ npmcli/[email protected]
- 4a9f2dc #5157 deps: [email protected]
- 45a9bde #5158 deps: [email protected]
8.13.2 - 2022-06-29
v8.13.2 (2022-06-29)

Documentation
- 5be7d6e #5087 docs: add foreground-scripts to run-script page (@ ruyadorno)
Dependencies
- dd62328 #5086 deps: @ npmcli/[email protected]
- 5546906 #5086 deps: @ npmcli/[email protected]
- c7d5a69 #5102 deps: @ npmcli/[email protected]
- 7ce66b0 #5103 deps: [email protected]
8.13.1 - 2022-06-23
v8.13.1 (2022-06-23)

Dependencies
- f59a114 #5064 deps: @ npmcli/[email protected]
  - fix: improves escaping of arguments for run-script, exec and npx (@ nlf)
- 236b4a2 #5069 deps: [email protected]
- 0a6664d #5070 deps: @ npmcli/[email protected]
- 9f94049 #5071 deps: [email protected]
- 8212363 #5072 deps: [email protected]
8.13.0 - 2022-06-22
8.12.2 - 2022-06-15
8.12.1 - 2022-06-02
8.12.0 - 2022-06-01
8.11.0 - 2022-05-25
8.10.0 - 2022-05-11
8.9.0 - 2022-05-04
8.8.0 - 2022-04-27
8.7.0 - 2022-04-14
8.6.0 - 2022-03-31
8.5.5 - 2022-03-17
8.5.4 - 2022-03-10
8.5.3 - 2022-03-03
8.5.2 - 2022-02-24
8.5.1 - 2022-02-17
8.5.0 - 2022-02-10
8.4.1 - 2022-02-03
8.4.0 - 2022-01-27
8.3.2 - 2022-01-20
8.3.1 - 2022-01-13
8.3.0 - 2021-12-09
8.2.0 - 2021-12-02
8.1.4 - 2021-11-18
8.1.3 - 2021-11-04
8.1.2 - 2021-10-28
8.1.1 - 2021-10-21
8.1.0 - 2021-10-14
8.0.0 - 2021-10-07
7.24.2 - 2021-10-04
7.24.1 - 2021-09-23
7.24.0 - 2021-09-16
7.23.0 - 2021-09-09
7.22.0 - 2021-09-02
7.21.1 - 2021-08-26
7.21.0 - 2021-08-19
7.20.6 - 2021-08-12
7.20.5 - 2021-08-05
7.20.4 - 2021-08-05
7.20.3 - 2021-07-29
7.20.2 - 2021-07-27
7.20.1 - 2021-07-22
7.20.0 - 2021-07-15
7.19.1 - 2021-07-01
7.19.0 - 2021-06-24
7.18.1 - 2021-06-17
7.18.0 - 2021-06-17
7.17.0 - 2021-06-10
7.16.0 - 2021-06-03
7.15.1 - 2021-05-31
7.15.0 - 2021-05-27
7.14.0 - 2021-05-20
7.13.0 - 2021-05-13
7.12.1 - 2021-05-10
7.12.0 - 2021-05-06
7.11.2 - 2021-04-29
7.11.1 - 2021-04-23
7.11.0 - 2021-04-23
7.10.0 - 2021-04-15
7.9.0 - 2021-04-08
7.8.0 - 2021-04-01
7.7.6 - 2021-03-29
7.7.5 - 2021-03-25
7.7.4 - 2021-03-24
7.7.3 - 2021-03-24
7.7.2 - 2021-03-24
7.7.1 - 2021-03-24
7.7.0 - 2021-03-23
7.6.3 - 2021-03-11
7.6.2 - 2021-03-09
7.6.1 - 2021-03-04
7.6.0 - 2021-02-25
7.5.6 - 2021-02-22
7.5.5 - 2021-02-22
7.5.4 - 2021-02-12
7.5.3 - 2021-02-08
7.5.2 - 2021-02-02
7.5.1 - 2021-02-01
7.5.0 - 2021-01-28
7.4.3 - 2021-01-21
7.4.2 - 2021-01-15
7.4.1 - 2021-01-14
7.4.0 - 2021-01-07
7.3.0 - 2020-12-18
7.2.0 - 2020-12-15
7.1.2 - 2020-12-11
7.1.1 - 2020-12-09
7.1.0 - 2020-12-04
7.0.15 - 2020-11-27
7.0.14 - 2020-11-23
7.0.13 - 2020-11-20
7.0.12 - 2020-11-17
7.0.11 - 2020-11-13
7.0.10 - 2020-11-10
7.0.9 - 2020-11-06
7.0.8 - 2020-11-03
7.0.7 - 2020-10-30

from npm GitHub release notes

Commit messages

Package name: npm

58cc362 8.15.1
17b1dea chore: update AUTHORS
a1f6d97 chore: changelog for v8.15.1
3bbb293 deps: @ npmcli/[email protected]
a02cce5 chore(latest): release arborist 5.3.1
4d1d8a9 docs: describe implicit workspace and prefix configuration (#5221)
62b95a0 fix: allow hash character in paths (#5122)
de40c31 docs: sync ci params with install (#5207)
0e3660e fix(init): allow for spec on scope-only arg (#5206)
77bf2e1 docs: update npm-ls.md (#5218)
f9abee7 docs: update commit-ish default branch (#5205)
9905d0e fix: don't fail immediately if cache dir is not accessible (#5197)
4c94530 8.15.0
a06d196 chore: update AUTHORS
6014a94 chore: changelog for v8.15.0
c8bdb4a feat: Support pure web authentication for commands
68ade72 chore(contributing.md): add conventional commit info (#5169)
bf3b26c chore: add dependency graph to dependencies script (#5186)
3ae1b81 deps: [email protected] (#5190)
8ab5fca docs: correct bundledDependencies -> bundleDependencies (#5171)
2fa3271 fix: add missing ` in adduser warning (#5196)
9c590fa fix: disable progress bar on publish (#5172)
7efad06 docs: Update audit signatures cmd (#5168)
5ef53ee feat: accept registry-scoped certfile and keyfile as credentials (#5160)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade npm from 7.0.7 to 8.15.1. See this package in npm: https://www.npmjs.com/package/npm See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/22346403-8a9e-4aa9-a00f-668fb10adaac?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade npm from 7.0.7 to 8.15.1 #9

[Snyk] Upgrade npm from 7.0.7 to 8.15.1 #9

MarcelRaschke commented Aug 20, 2022

v8.15.1 (2022-07-27)

Bug Fixes

Documentation

Dependencies

v8.15.0 (2022-07-20)

Features

Bug Fixes

Documentation

Dependencies

v8.14.0 (2022-07-13)

Features

Bug Fixes

Documentation

Dependencies

v8.13.2 (2022-06-29)

Documentation

Dependencies

v8.13.1 (2022-06-23)

Dependencies

[Snyk] Upgrade npm from 7.0.7 to 8.15.1 #9

Are you sure you want to change the base?

[Snyk] Upgrade npm from 7.0.7 to 8.15.1 #9

Conversation

MarcelRaschke commented Aug 20, 2022

Snyk has created this PR to upgrade npm from 7.0.7 to 8.15.1.

v8.15.1 (2022-07-27)

Bug Fixes

Documentation

Dependencies

v8.15.0 (2022-07-20)

Features

Bug Fixes

Documentation

Dependencies

v8.14.0 (2022-07-13)

Features

Bug Fixes

Documentation

Dependencies

v8.13.2 (2022-06-29)

Documentation

Dependencies

v8.13.1 (2022-06-23)

Dependencies