Closed
Labels
npm: Issues and PRs related to the npm client dependency or the npm registry.
Description
Is your feature request related to a problem? Please describe.
The package mkdirp 0.5.1 has a dependency on minimist 0.0.8, which has CVE-2020-7598, scored 9.8.
Describe the solution you'd like
Remove the package mkdirp or find a maintained alternative.
Others
node -v
v12.16.1
npm -v
6.13.4
list mkdirp
npm@6.13.4 /usr/lib/node_modules/npm
+-- cacache@12.0.3
| `-- mkdirp@0.5.1 deduped
+-- cmd-shim@3.0.3
| `-- mkdirp@0.5.1 deduped
+-- gentle-fs@2.3.0
| `-- mkdirp@0.5.1 deduped
+-- libcipm@4.0.7
| `-- mkdirp@0.5.1 deduped
+-- mkdirp@0.5.1
+-- move-concurrently@1.0.1
| +-- copy-concurrently@1.0.5
| | `-- mkdirp@0.5.1 deduped
| `-- mkdirp@0.5.1 deduped
+-- node-gyp@5.0.5
| `-- mkdirp@0.5.1 deduped
+-- pacote@9.5.11
| `-- mkdirp@0.5.1 deduped
`-- tar@4.4.13
  `-- mkdirp@0.5.1 deduped
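An added example, not part of the original issue or the npm code base: one way to turn a tree like the listing above into the full chains that reach minimist 0.0.8, so each parent that needs a bump is visible. The sample tree is constructed from the versions in the listing, and the function names and the assumption that a deduped entry carries no children of its own are illustrative.

```javascript
'use strict';

// Constructed sample in the shape of `npm ls --json` output, using versions
// from the listing above. Assumption: a deduped entry carries no children.
const sampleTree = {
  name: 'npm', version: '6.13.4',
  dependencies: {
    cacache: { version: '12.0.3', dependencies: { mkdirp: { version: '0.5.1' } } },
    mkdirp: { version: '0.5.1', dependencies: { minimist: { version: '0.0.8' } } },
    'node-gyp': { version: '5.0.5', dependencies: { mkdirp: { version: '0.5.1' } } },
    tar: { version: '4.4.13', dependencies: { mkdirp: { version: '0.5.1' } } },
  },
};

// Index name@version -> children, so deduped nodes can be expanded later.
function indexTree(node, index = new Map()) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const id = `${name}@${dep.version}`;
    if (dep.dependencies && !index.has(id)) index.set(id, dep.dependencies);
    indexTree(dep, index);
  }
  return index;
}

// Return every dependency chain from the root that ends at `target`
// (a "name@version" string).
function findChains(tree, target) {
  const index = indexTree(tree);
  const chains = [];
  const walk = (deps, path) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const id = `${name}@${dep.version}`;
      if (path.includes(id)) continue; // guard against dependency cycles
      const next = [...path, id];
      if (id === target) { chains.push(next.join(' > ')); continue; }
      walk(dep.dependencies || index.get(id), next);
    }
  };
  walk(tree.dependencies, [`${tree.name}@${tree.version}`]);
  return chains;
}

for (const chain of findChains(sampleTree, 'minimist@0.0.8')) console.log(chain);
```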