Update dependency npm to v6.14.6 [SECURITY] #47
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
|
There were the following issues with this Pull Request
You may need to change the commit messages to comply with the repository contributing guidelines. 🤖 This comment was generated by commitlint[bot]. Please report issues here. Happy coding! |
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
from
b873b4d to
fdc49c8
Compare
|
There were the following issues with this Pull Request
You may need to change the commit messages to comply with the repository contributing guidelines. 🤖 This comment was generated by commitlint[bot]. Please report issues here. Happy coding! |
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
from
fdc49c8 to
2c30701
Compare
|
There were the following issues with this Pull Request
You may need to change the commit messages to comply with the repository contributing guidelines. 🤖 This comment was generated by commitlint[bot]. Please report issues here. Happy coding! |
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
from
2c30701 to
31130ea
Compare
|
There were the following issues with this Pull Request
You may need to change the commit messages to comply with the repository contributing guidelines. 🤖 This comment was generated by commitlint[bot]. Please report issues here. Happy coding! |
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
from
31130ea to
d50b6c4
Compare
|
There were the following issues with this Pull Request
You may need to change the commit messages to comply with the repository contributing guidelines. 🤖 This comment was generated by commitlint[bot]. Please report issues here. Happy coding! |
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
from
d50b6c4 to
be65b56
Compare
|
There were the following issues with this Pull Request
You may need to change the commit messages to comply with the repository contributing guidelines. 🤖 This comment was generated by commitlint[bot]. Please report issues here. Happy coding! |
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
from
be65b56 to
d4bdb3c
Compare
|
There were the following issues with this Pull Request
You may need to change the commit messages to comply with the repository contributing guidelines. 🤖 This comment was generated by commitlint[bot]. Please report issues here. Happy coding! |
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
from
d4bdb3c to
8da39a3
Compare
|
There were the following issues with this Pull Request
You may need to change the commit messages to comply with the repository contributing guidelines. 🤖 This comment was generated by commitlint[bot]. Please report issues here. Happy coding! |
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
from
8da39a3 to
32125ec
Compare
|
There were the following issues with this Pull Request
You may need to change the commit messages to comply with the repository contributing guidelines. 🤖 This comment was generated by commitlint[bot]. Please report issues here. Happy coding! |
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
6 times, most recently
from
5faae0f to
b498d37
Compare
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
from
b498d37 to
9f0af9b
Compare
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
6 times, most recently
from
f72ad2e to
ec1a391
Compare
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
5 times, most recently
from
ef657c9 to
cd70de6
Compare
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
3 times, most recently
from
dd3b9d3 to
2a5a5e9
Compare
renovate
bot
force-pushed
the
renovate/npm-npm-vulnerability
branch
from
2a5a5e9 to
5a6a551
Compare
This PR contains the following updates:
6.13.6->6.14.6GitHub Vulnerability Alerts
CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like
<protocol>://[<user>[:<password>]@​]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.Release Notes
npm/cli
v6.14.6Compare Source
BUG FIXES
a9857b8f6chore: remove auth info from logs (@claudiahdz)b7ad77598#1416 fix: wrongnpm doctorcommand result (@vanishcode)DEPENDENCIES
94eca6377[email protected](@claudiahdz)c49b6ae28#1418[email protected](@kemitchell)DOCUMENTATION
2e052984b#1459
chore(docs): fixed links to cli commands (@claudiahdz)
0ca3509ca#1283 Update npm-link.md (@peterfich)
3dd429e9a#1377
Add note about dropped
*filenames (@maxwellgerber)9a2e2e797#1429 Fix typo (@seanpoulter)
v6.14.5Compare Source
BUG FIXES
33ec41f18#758 fix: relativize file links when inflating shrinkwrap (@jsnajdr)94ed456df#1162 fix: npm init help output (@mum-never-proud)DEPENDENCIES
5587ac01f[email protected]fc5d94c39fix: removed default timeout07a4d8884[email protected]8228d1f2e[email protected]e6d208317[email protected]v6.14.4Compare Source
DEPENDENCIES
[email protected]transitive dep to resolve security issue9c554fd8c[email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]136832dca[email protected]8bf99b2b5#1053 deps: updates term-size to use signed binaryd2f08a1bdb(@rvagg)v6.14.3Compare Source
DOCUMENTATION
4ad221487#1020 docs(teams): updated team docs to reflect MFA workflow (@blkdm0n)4a31a4ba2#1034 docs: cleanup (@ruyadorno)0eac801cd#1013 docs: fix links to cli commands (@alenros)7d8e5b99c#755 docs: correction tonpm update -gbehaviour (@johnkennedy9147)DEPENDENCIES
e11167646[email protected]c5b97d17dfix: bumpminimistdep to resolve security issue (@isaacs)c50d679c6[email protected]a2de99ff9[email protected]217debeb9[email protected]v6.14.2Compare Source
DOCUMENTATION
f9248c0be#730 chore(docs): update unpublish docs & policy reference (@nomadtechie, @mikemimik)DEPENDENCIES
909cc3918[email protected](@darcyclarke)5038b1891fix: regression in old node versions w/ respect to url.URL implmentation9204ffa58[email protected](@isaacs)6bcf0860afix: treat non-http/https login urls as invalid0365d39bd[email protected](@isaacs)dab030536[email protected](@rvagg)v6.14.1Compare Source
303e5c11e[email protected]Fixes a regression where scp-style git urls are passed to the WhatWG URL
parser, which does not handle them properly.
(@isaacs)
v6.14.0Compare Source
FEATURES
30f170877#731 add support for multiple funding sources (@ljharb & @ruyadorno)BUG FIXES
55916b130#508 fix: checknpm.configbefore accessing its members (@kaiyoma)7d0cd65b2#733 fix: access grant with unscoped packages (@netanelgilad)28c3d40d6,0769c5b20#945, #697 fix: allow new major versions of node to be automatically considered "supported" (@isaacs, @ljharb)DEPENDENCIES
6f39e93[email protected](@darcyclarke)f14b594ee[email protected](@isaacs)77044150b[email protected](@isaacs)1d112461a[email protected](@isaacs)ba8b4fefix: always bypass cache when ?write=truea47fed760[email protected]3bbf2d6fix: babel's "loose mode" class transform enbrittles BufferList (@ljharb)DOCUMENTATION
284c1c055,fbb5f0e50#729 update lifecycle hooks docs(@seanhealy, @mikemimik)
1c272832d#787 fix: trademarks typo (@dnicolson)f6ff41776#936 fix: postinstall example (@ajaymathur)373224b16#939 fix: bad links in publish docs (@vit100)MISCELLANEOUS
85c79636d#736 add script to update dist-tags (@mikemimik)v6.13.7Compare Source
BUG FIXES
7dbb91438#655
Update CI detection cases
(@isaacs)
DEPENDENCIES
0fb1296c7[email protected](@mikemimik)
c9b69d569[email protected](@mikemimik)
e8dbaf452[email protected](@mikemimik)
Renovate configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.