dependencies: upgrade npm 6.13.1 -> 6.13.4
This fixes some security vulnerabilites, among them an arbitrary file overwrite. The output of `npm audit` goes from this: found 17 vulnerabilities (15 low, 2 high) in 13344 scanned packages run `npm audit fix` to fix 6 of them. 1 vulnerability requires semver-major dependency updates. 10 vulnerabilities require manual review. See the full report for details. To this: found 5 vulnerabilities (3 low, 2 high) in 13370 scanned packages 1 vulnerability requires semver-major dependency updates. 4 vulnerabilities require manual review. See the full report for details. Changelog: - https://github.com/npm/cli/releases 6.13.4 (2019-12-11) BUGFIXES 320ac9aee npm/bin-links#12 npm/gentle-fs#7 Do not remove global bin/man links inappropriately (@isaacs) DEPENDENCIES 52fd21061 gentle-fs@2.3.0 (@isaacs) d06f5c0b0 bin-links@1.1.6 (@isaacs) 6.13.3 (2019-12-09) DEPENDENCIES 19ce061a2 bin-links@1.1.5 Properly normalize, sanitize, and verify bin entries in package.json. 59c836aae npm-packlist@1.4.7 fb4ecd7d2 pacote@9.5.11 5f33040 #476 npm/pacote#22 npm/pacote#14 fix: Do not drop perms in git when not root (isaacs, @darcyclarke) 6f229f7 sanitize and normalize package bin field (isaacs) 1743cb339 read-package-json@2.1.1 6.13.2 (2019-12-03) BUG FIXES 4429645b3 #546 fix docs target typo (@richardlau) 867642942 #142 fix(packageRelativePath): fix 'where' for file deps (@larsgw) d480f2c17 #527 Revert "windows: Add preliminary WSL support for npm and npx" (@craigloewen-msft) e4b97962e #504 remove unnecessary package.json read when reading shrinkwrap (@Lighting-Jack) 1c65d26ac #501 fix(fund): open url for string shorthand (@ruyadorno) ae7afe565 #263 Don't log error message if git tagging is disabled (@woppa684) 4c1b16f6a #182 Warn the user that it is uninstalling npm-install (@Hoidberg)pull/3668/head
parent
b6105d8c75
commit
140d5c4b41
File diff suppressed because it is too large
Load Diff
|
@ -49,7 +49,7 @@
|
|||
"log4js": "0.6.35",
|
||||
"measured-core": "1.11.2",
|
||||
"nodeify": "^1.0.1",
|
||||
"npm": "6.13.1",
|
||||
"npm": "6.13.4",
|
||||
"object.values": "^1.0.4",
|
||||
"request": "2.88.0",
|
||||
"resolve": "1.1.7",
|
||||
|
|
Loading…
Reference in New Issue