Update dependency npm to v6.14.6 [SECURITY] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
npm (source)	6.13.6 -> 6.14.6

GitHub Vulnerability Alerts

CVE-2020-15095

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like <protocol>://[<user>[:<password>]@&#8203;]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.

---

Release Notes

npm/cli (npm)

v6.14.6

Compare Source

6.14.6 (2020-07-07)

BUG FIXES

• a9857b8f6 chore: remove auth info from logs (@​claudiahdz)
• b7ad77598 #​1416 fix: wrong npm doctor command result (@​vanishcode)

DEPENDENCIES

• 94eca6377 npm-registry-fetch@4.0.5 (@​claudiahdz)
• c49b6ae28 #​1418 spdx-license-ids@3.0.5 (@​kemitchell)

v6.14.5

Compare Source

6.14.5 (2020-05-04)

BUG FIXES

• 33ec41f18 #​758 fix: relativize file links when inflating shrinkwrap (@​jsnajdr)
• 94ed456df #​1162 fix: npm init help output (@​mum-never-proud)

DEPENDENCIES

• 5587ac01f npm-registry-fetch@4.0.4
  • fc5d94c39 fix: removed default timeout
• 07a4d8884 graceful-fs@4.2.4
• 8228d1f2e mkdirp@0.5.5
• e6d208317 nopt@4.0.3

v6.14.4

Compare Source

6.14.4 (2020-03-25)

DEPENDENCIES

• 136832dca mkdirp@0.5.4
• Bump minimist@1.2.5 transitive dep to resolve security issue
  • 9c554fd8c update-notifier@2.5.0
  • bump deep-extend@1.2.5
  • bump is-ci@1.2.1
  • bump is-retry-allowed@1.2.0
  • bump rc@1.2.8
  • bump registry-auth-token@3.4.0
  • bump widest-line@2.0.1
• 8bf99b2b5 #​1053 deps: updates term-size to use signed binary

v6.14.3

Compare Source

6.14.3 (2020-03-19)

DOCUMENTATION

• 4ad221487 #​1020 docs(teams): updated team docs to reflect MFA workflow (@​blkdm0n)
• 4a31a4ba2 #​1034 docs: cleanup (@​ruyadorno)
• 0eac801cd #​1013 docs: fix links to cli commands (@​alenros)
• 7d8e5b99c #​755 docs: correction to npm update -g behaviour (@​johnkennedy9147)

DEPENDENCIES

• e11167646 mkdirp@0.5.3
  • c5b97d17d fix: bump minimist dep to resolve security issue (@​isaacs)
• c50d679c6 rimraf@2.7.1
• a2de99ff9 npm-registry-mock@1.3.1
• 217debeb9 npm-registry-couchapp@2.7.4

v6.14.2

Compare Source

6.14.2 (2020-03-03)

DOCUMENTATION

• f9248c0be #​730 chore(docs): update unpublish docs & policy reference (@​nomadtechie, @​mikemimik)

DEPENDENCIES

• 909cc3918 hosted-git-info@2.8.8 (@​darcyclarke)
  • 5038b1891 fix: regression in old node versions w/ respect to url.URL implmentation
• 9204ffa58 npm-profile@4.0.4 (@​isaacs)
  • 6bcf0860a fix: treat non-http/https login urls as invalid
• 0365d39bd glob@7.1.6 (@​isaacs)
• dab030536 node-gyp@5.1.0 (@​rvagg)

v6.14.1

Compare Source

6.14.1 (2020-02-26)

• 303e5c11e hosted-git-info@2.8.7 Fixes a regression where scp-style git urls are passed to the WhatWG URL parser, which does not handle them properly. (@​isaacs)

v6.14.0

Compare Source

6.14.0 (2020-02-25)

FEATURES

• 30f170877 #​731 add support for multiple funding sources (@​ljharb & @​ruyadorno)

BUG FIXES

• 55916b130 #​508 fix: check npm.config before accessing its members (@​kaiyoma)
• 7d0cd65b2 #​733 fix: access grant with unscoped packages (@​netanelgilad)
• 28c3d40d6, 0769c5b20 #​945, #​697 fix: allow new major versions of node to be automatically considered "supported" (@​isaacs, @​ljharb)

DEPENDENCIES

• 6f39e93 hosted-git-info@2.8.6 (@​darcyclarke)
  • fix: passwords & usernames are escaped properly in git deps (@​stevenhilder)
• f14b594ee chownr@1.1.4 (@​isaacs)
• 77044150b npm-packlist@1.4.8 (@​isaacs)
• 1d112461a npm-registry-fetch@4.0.3 (@​isaacs)
  • ba8b4fe fix: always bypass cache when ?write=true
• a47fed760 readable-stream@3.6.0
  • 3bbf2d6 fix: babel's "loose mode" class transform enbrittles BufferList (@​ljharb)

DOCUMENTATION

• 284c1c055, fbb5f0e50 #​729 update lifecycle hooks docs
  (@​seanhealy, @​mikemimik)
• 1c272832d #​787 fix: trademarks typo (@​dnicolson)
• f6ff41776 #​936 fix: postinstall example (@​ajaymathur)
• 373224b16 #​939 fix: bad links in publish docs (@​vit100)

MISCELLANEOUS

• 85c79636d #​736 add script to update dist-tags (@​mikemimik)

v6.13.7

Compare Source

6.13.7 (2020-01-28)

BUG FIXES

• 7dbb91438 #​655 Update CI detection cases (@​isaacs)

DEPENDENCIES

• 0fb1296c7 libnpx@10.2.2 (@​mikemimik)
• c9b69d569 node-gyp@5.0.7 (@​mikemimik)
• e8dbaf452 bin-links@1.1.7 (@​mikemimik)
  • #​613 Fixes bin entry for package

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (a502fca) 22.34% compared to head (5e270b2) 22.34%.
Report is 1 commits behind head on main.

❗ Current head 5e270b2 differs from pull request most recent head 0f18483. Consider uploading reports for the commit 0f18483 to get more accurate results

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1025   +/-   ##
=======================================
  Coverage   22.34%   22.34%           
=======================================
  Files          14       14           
  Lines         179      179           
  Branches       21       21           
=======================================
  Hits           40       40           
  Misses        121      121           
  Partials       18       18           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pils-frontend/package-lock.json

/usr/local/bin/docker: line 4: .: filename argument required
.: usage: . filename [arguments]
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: copy-webpack-plugin@5.1.1
npm ERR! Found: webpack@3.12.0
npm ERR! node_modules/webpack
npm ERR!   dev webpack@"3.12.0" from the root project
npm ERR!   peer webpack@">=2" from babel-loader@8.0.6
npm ERR!   node_modules/babel-loader
npm ERR!     dev babel-loader@"8.0.6" from the root project
npm ERR!   7 more (extract-text-webpack-plugin, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer webpack@"^4.0.0 || ^5.0.0" from copy-webpack-plugin@5.1.1
npm ERR! node_modules/copy-webpack-plugin
npm ERR!   dev copy-webpack-plugin@"5.1.1" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: webpack@5.88.2
npm ERR! node_modules/webpack
npm ERR!   peer webpack@"^4.0.0 || ^5.0.0" from copy-webpack-plugin@5.1.1
npm ERR!   node_modules/copy-webpack-plugin
npm ERR!     dev copy-webpack-plugin@"5.1.1" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! 
npm ERR! For a full report see:
npm ERR! /tmp/worker/f6eb40/048c02/cache/others/npm/_logs/2023-08-07T18_40_55_501Z-eresolve-report.txt

npm ERR! A complete log of this run can be found in: /tmp/worker/f6eb40/048c02/cache/others/npm/_logs/2023-08-07T18_40_55_501Z-debug-0.log

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication