[Snyk] Upgrade npm from 6.4.1 to 6.13.0

[snyk-bot]

Snyk has created this PR to upgrade npm from 6.4.1 to 6.13.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 34 versions ahead of your current version.
• The recommended version was released 19 days ago, on 2019-11-05.

The recommended version fixes:

Severity	Title	Issue ID
	Arbitrary File Overwrite	SNYK-JS-FSTREAM-174725

Release notes

• Package name: npm
  • 6.13.0 - 2019-11-05

    6.13.0 (2019-11-05)

    NEW FEATURES

    • 4414b06d9 #273 add fund command (@ruyadorno)

    DOCUMENTATION

    • ae4c74d04 #274 migrate existing docs to gatsby (@claudiahdz)
    • 4ff1bb180 #277 updated documentation copy (@oletizi)

    BUG FIXES

    • e4455409f #281 delete ps1 files on package removal (@NoDocCat)
    • cd14d4701 #279 update supported node list to remove v6.0, v6.1, v9.0 - v9.2 (@ljharb)

    DEPENDENCIES

    • a37296b20 pacote@9.5.9
    • d3cb3abe8 read-cmd-shim@1.0.5

    TESTING

    • 688cd97be #272 use github actions for CI (@JasonEtco)
    • 9a2d8af84 #240 Clean up some flakiness and inconsistency (@isaacs)
  • 6.12.1 - 2019-10-29

    6.12.1 (2019-10-29)

    BUG FIXES

    • 6508e833d #269 add node v13 as a supported version (@ljharb)
    • b6588a8f7 #265 Fix regression in lockfile repair for sub-deps (@feelepxyz)
    • d5dfe57a1 #266 resolve circular dependency in pack.js (@addaleax)

    DEPENDENCIES

    • 73678bb59 chownr@1.1.3
    • 4b76926e2 graceful-fs@4.2.3
    • c691f36a9 libcipm@4.0.7
    • 5e1a14975 npm-packlist@1.4.6
    • c194482d6 npm-registry-fetch@4.0.2
    • bc6a8e0ec tar@4.4.1
    • 4dcca3cbb uuid@3.3.3
  • 6.12.0 - 2019-10-08

    6.12.0 (2019-10-08):

    Now npm ci runs prepare scripts for git dependencies, and respects the --no-optional argument. Warnings for engine mismatches are printed again. Various other fixes and cleanups.

    BUG FIXES

    • 890b245dc #252 ci: add dirPacker to options (@claudiahdz)
    • f3299acd0 #257 npm.community#4792 warn message on engine mismatch (@ruyadorno)
    • bbc92fb8f #259 npm.community#10288 Fix figgyPudding error in npm token (@benblank)
    • 70f54dcb5 #241 doctor: Make OK more consistent (@gemal)

    FEATURES

    • ed993a29c #249 Add CI environment variables to user-agent (@isaacs)
    • f6b0459a4 #248 Add option to save package-lock without formatting Adds a new config --format-package-lock, which defaults to true. (@bl00mber)

    DEPENDENCIES

    • 0ca063c5d npm-lifecycle@3.1.4:
      • fix: filter functions and undefined out of makeEnv (@isaacs)
    • 5df6b0ea2 libcipm@4.0.4:
      • fix: pack git directories properly (@claudiahdz)
      • respect no-optional argument (@cruzdanilo)
    • 7e04f728c tar@4.4.12
    • 5c380e5a3 stringify-package@1.0.1 (@isaacs)
    • 62f2ca692 node-gyp@5.0.5 (@isaacs)
    • 0ff0ea47a npm-install-checks@3.0.2 (@isaacs)
    • f46edae94 hosted-git-info@2.8.5 (@isaacs)

    TESTING

    • 44a2b036b #262 fix root-ownership race conditions in meta-test (@isaacs)
  • 6.12.0-next.0 - 2019-09-26

    Now npm ci runs prepare scripts for git dependencies, and respects the --no-optional argument.

    BUG FIXES

    • 890b245dc #252 chore(ci): add dirPacker to options (@claudiahdz)

    DEPENDENCIES

    • 0ca063c5d npm-lifecycle@3.1.4:
      • fix: filter functions and undefined out of makeEnv (@isaacs)
    • 5df6b0ea2 libcipm@4.0.4:
      • fix: pack git directories properly (@claudiahdz)
      • respect no-optional argument (@cruzdanilo)
    • 7e04f728c tar@4.4.12
  • 6.11.3 - 2019-09-03

    6.11.3 (2019-09-03):

    Fix npm ci regressions and npm outdated depth.

    BUG FIXES

    • 235ed1d28#239 Don't override user specified depth in outdated. Restores ability to update packages using --depth as suggested by npm audit. (@G-Rath)
    • 1fafb5151#242 npm.community#9586 Revert "install: do not descend into directory deps' child modules" (@isaacs)
    • cebf542e6#243 npm.community#9720 ci: pass appropriate configs for file/dir modes (@isaacs)

    DEPENDENCIES

    • e5fbb7ed1 read-cmd-shim@1.0.4 (@claudiahdz)
    • 23ce65616 npm-pick-manifest@3.0.2 (@claudiahdz)
  • 6.11.2 - 2019-08-22

    6.11.2 (2019-08-22):

    Fix a recent Windows regression, and two long-standing Windows bugs. Also, get CI running on Windows, so these things are less likely in the future.

    DEPENDENCIES

    • 9778a1b87 cmd-shim@3.0.3: Fix regression where shims fail to preserve exit code (@isaacs)
    • bf93e91d8 npm-package-arg@6.1.1: Properly handle git+file: urls on Windows when a drive letter is included. (@isaacs)

    BUGFIXES

    • 6cc4cc66f escape args properly on Windows Bash Despite being bash, Node.js running on windows git mingw bash still executes child processes using cmd.exe. As a result, arguments in this environment need to be escaped in the style of cmd.exe, not bash. (@isaacs)

    TESTS

    • 291aba7b8 make tests pass on Windows (@isaacs)
    • fea3a023a travis: run tests on Windows as well (@isaacs)
  • 6.11.1 - 2019-08-21

    6.11.1 (2019-08-20):

    Fix a regression for windows command shim syntax.

    • 37db29647 cmd-shim@3.0.2 (@isaacs)
  • 6.11.0 - 2019-08-20

    v6.11.0 (2019-08-20):

    A few meaty bugfixes, and introducing peerDependenciesMeta.

    FEATURES

    • a12341088 #224 Implements peerDependenciesMeta (@arcanis)
    • 2f3b79bba #234 add new forbidden 403 error code (@claudiahdz)

    BUGFIXES

    • 24acc9fc8 and 45772af0d #217 npm.community#8863 npm.community#9327 do not descend into directory deps' child modules, fix shrinkwrap files that inappropriately list child nodes of symlink packages (@isaacs and @salomvary)
    • 50cfe113d #229 fixed typo in semver doc (@gall0ws)
    • e8fb2a1bd #231 Fix spelling mistakes in CHANGELOG-3.md (@XhmikosR)
    • 769d2e057 npm/uid-number#7 Better error on invalid --user/--group configs. This addresses the issue when people fail to install binary packages on Docker and other environments where there is no 'nobody' user. (@isaacs)
    • 8b43c9624 nodejs/node#28987 npm.community#6032 npm.community#6658 npm.community#6069 npm.community#9323 Fix the regression where random config values in a .npmrc file are not passed to lifecycle scripts, breaking build processes which rely on them. (@isaacs)
    • 8b85eaa47 save files with inferred ownership rather than relying on SUDO_UID and SUDO_GID. (@isaacs)
    • b7f6e5f02 Infer ownership of shrinkwrap files (@isaacs)
    • 54b095d77 #235 Add spec to dist-tag remove function (@theberbie)

    DEPENDENCIES

    • dc8f9e52f pacote@9.5.7: Infer the ownership of all unpacked files in node_modules, so that we never have user-owned files in root-owned folders, or root-owned files in user-owned folders. (@isaacs)
    • bb33940c3 cmd-shim@3.0.0:
      • 9c93ac3 #2 npm#3380 Handle environment variables properly (@basbossink)
      • 2d277f8 #25 #36 #35 Fix 'no shebang' case by always providing $basedir in shell script (@igorklopov)
      • adaf20b #26 Fix $* causing an error when arguments contain parentheses (@satazor)
      • 49f0c13 #30 Fix paths for MSYS/MINGW bash (@dscho)
      • 51a8af3 #34 Add proper support for PowerShell (@ExE-Boss)
      • 4c37e04 #10 Work around quoted batch file names (@isaacs)
    • a4e279544 npm-lifecycle@3.1.3 (@isaacs):
      • fail properly if uid-number raises an error
    • 7086a1809 libcipm@4.0.3 (@isaacs)
    • 8845141f9 read-package-json@2.1.0 (@isaacs)
    • 51c028215 bin-links@1.1.3 (@isaacs)
    • 534a5548c read-cmd-shim@1.0.3 (@isaacs)
    • 3038f2fd5 gentle-fs@2.2.1 (@isaacs)
    • a609a1648 graceful-fs@4.2.2 (@isaacs)
    • f0346f754 cacache@12.0.3 (@isaacs)
    • ca9c615c8 npm-pick-manifest@3.0.0 (@isaacs)
    • b417affbf pacote@9.5.8 (@isaacs)

    TESTS

    • b6df0913c #228 Proper handing of /usr/bin/node lifecycle-path test (@olivr70)
    • aaf98e88c npm-registry-mock@1.3.0 (@isaacs)
  • 6.10.3 - 2019-08-06

    v6.10.3 (2019-08-06):

    BUGFIXES

    • 27cccfbda #223 vulns → vulnerabilities in npm audit output (@sapegin)
    • d5e865eb7 #222 #226 install, doctor: don't crash if registry unset (@dmitrydvorkin, @isaacs)
    • 5b3890226 #227 npm.community#9167 Handle unhandledRejections, tell user what to do when encountering an EACCES error in the cache. (@isaacs)

    DEPENDENCIES

    • 77516df6e licensee@7.0.3 (@isaacs)
    • ceb993590 query-string@6.8.2 (@isaacs)
    • 4050b9189 hosted-git-info@2.8.2
      • #46 #43 #47 #44 Add support for GitLab subgroups (@mterrel, @isaacs, @ybiquitous)
      • 3b1d629 #48 fix http protocol using sshurl by default (@fengmk2)
      • 5d4a8d7 ignore noCommittish on tarball url generation (@isaacs)
      • 1692435 use gist tarball url that works for anonymous gists (@isaacs)
      • d5cf830 Do not allow invalid gist urls (@isaacs)
      • e518222 Use LRU cache to prevent unbounded memory consumption (@iarna)
  • 6.10.2 - 2019-07-23

    v6.10.2 (2019-07-23):

    tl;dr - Fixes several issues with the cache when npm is run as sudo on Unix systems.

    TESTING

    • 2a78b96f8 check test cache for root-owned files (@isaacs)
    • 108646ebc run sudo tests on Travis-CI (@isaacs)
    • cf984e946 set --no-esm tap flag (@isaacs)
    • 8e0a3100d add script to run tests and leave fixtures for inspection and debugging (@isaacs)

    BUGFIXES

    • 25f4f73f6 add a util for writing arbitrary files to cache This prevents metrics timing and debug logs from becoming root-owned. (@isaacs)
    • 2c61ce65d infer cache owner from parent dir in correct-mkdir util (@isaacs)
    • 235e5d6df ensure correct owner on cached all-packages metadata (@isaacs)
    • e2d377bb6 npm.community#8540 audit: report server error on failure (@isaacs)
    • 52576a39e #216 npm.community#5385 npm.community#6076 Fix npm ci with file: dependencies. Partially reverts #40/#86, recording dependencies of linked deps in order for npm ci to work. (@jfirebaugh)

    DEPENDENCIES

    • 0fefdee13 cacache@12.0.2 (@isaacs)
      • infer uid/gid instead of accepting as options, preventing the overwhelming majority of cases where root-owned files end up in the cache folder. (ac84d14) (@isaacs) (#1)
      • i18n: add another error message (676cb32) (@zkat)
    • e1d87a392 pacote@9.5.4 (@isaacs)
      • git: ensure stream failures are reported (7f07b5d) #1 (@lddubeau)
    • 3f035bf09 infer-owner@1.0.4 (@isaacs)
    • ba3283112 npm-registry-fetch@4.0.0 (@isaacs)
    • ee90c334d libnpm@3.0.1 (@isaacs)
    • 1e480c384 libnpmaccess@3.0.2 (@isaacs)
    • 7662ee850 libnpmhook@5.0.3 (@isaacs)
    • 1357fadc6 libnpmorg@1.0.1 (@isaacs)
    • a621b5cb6 libnpmsearch@2.0.2 (@isaacs)
    • 560cd31dd libnpmteam@1.0.2 (@isaacs)
    • de7ae0867 npm-profile@4.0.2 (@isaacs)
    • e95da463c libnpm@3.0.1 (@isaacs)
    • 554b641d4 npm-registry-fetch@4.0.0 (@isaacs)
    • 06772f34a node-gyp@5.0.3 (@isaacs)
    • 85358db80 npm-lifecycle@3.1.2 (@isaacs)
      • 051cf20 #26 fix switches for alternative shells on Windows (@gucong3000)
      • 3aaf954 #25 set only one PATH env variable for child process on Windows (@zkochan)
      • ea18ed2 #36 #11 #18 remove procInterrupt listener on SIGINT in procError (@mattshin)
      • 5523951 #29 #30 Use platform specific path casing if present (@mattezell)
  • 6.10.2-next.3 - 2019-07-22
  • 6.10.2-next.2 - 2019-07-21
  • 6.10.2-next.1 - 2019-07-17
  • 6.10.2-next.0 - 2019-07-16
  • 6.10.1 - 2019-07-11
  • 6.10.1-next.2 - 2019-07-10
  • 6.10.1-next.1 - 2019-07-03
  • 6.10.1-next.0 - 2019-07-03
  • 6.10.0 - 2019-07-03
  • 6.10.0-next.0 - 2019-07-01
  • 6.9.2 - 2019-06-27
  • 6.9.1-next.0 - 2019-03-20
  • 6.9.0 - 2019-03-06
  • 6.9.0-next.0 - 2019-02-21
  • 6.8.0 - 2019-02-13
  • 6.8.0-next.2 - 2019-02-07
  • 6.8.0-next.1 - 2019-02-06
  • 6.8.0-next.0 - 2019-01-31
  • 6.7.0 - 2019-01-23
  • 6.6.0 - 2019-01-17
  • 6.6.0-next.1 - 2019-01-10
  • 6.6.0-next.0 - 2018-12-12
  • 6.5.0 - 2018-12-10
  • 6.5.0-next.0 - 2018-11-28
  • 6.4.1 - 2018-08-29
from npm GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[ghost]

DeepCode Report (#05bd46)

DeepCode analyzed this pull request.
There are no new issues.