Update dependency npm to v6.14.6 [SECURITY] #6
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
6.14.3->6.14.6GitHub Vulnerability Alerts
CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like
<protocol>://[<user>[:<password>]@​]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.Release Notes
npm/cli
v6.14.6Compare Source
6.14.6 (2020-07-07)
BUG FIXES
a9857b8f6chore: remove auth info from logs (@claudiahdz)b7ad77598#1416 fix: wrongnpm doctorcommand result (@vanishcode)DEPENDENCIES
94eca6377[email protected](@claudiahdz)c49b6ae28#1418[email protected](@kemitchell)v6.14.5Compare Source
6.14.5 (2020-05-04)
BUG FIXES
33ec41f18#758 fix: relativize file links when inflating shrinkwrap (@jsnajdr)94ed456df#1162 fix: npm init help output (@mum-never-proud)DEPENDENCIES
5587ac01f[email protected]fc5d94c39fix: removed default timeout07a4d8884[email protected]8228d1f2e[email protected]e6d208317[email protected]v6.14.4Compare Source
6.14.4 (2020-03-25)
DEPENDENCIES
136832dca[email protected][email protected]transitive dep to resolve security issue9c554fd8c[email protected][email protected][email protected][email protected][email protected][email protected][email protected]8bf99b2b5#1053 deps: updates term-size to use signed binaryRenovate configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.