[Snyk] Fix for 1 vulnerabilities

[leonardoadame]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/node_modules/@npmcli/arborist/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @npmcli/metavuln-calculator

The new version differs by 15 commits.

• 28a42b2 chore: release 7.0.0
• d5ba3e4 deps: bump pacote from 16.0.0 to 17.0.0
• 49e9861 deps: bump cacache from 17.1.4 to 18.0.0
• 071449d fix: drop node 16.13.x support
• fd9e345 chore: release 6.0.1
• 907daf1 deps: bump pacote from 15.2.0 to 16.0.0
• a5e6a2e chore: release 6.0.0
• 0e95702 fix: drop node14 support
• 46a10c1 chore: postinstall for dependabot template-oss PR
• 7260b66 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 0b2316e chore: postinstall for dependabot template-oss PR
• f961bba chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0
• d5ce57f chore: postinstall for dependabot template-oss PR
• da5f2a2 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1
• dcdd273 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 ([Snyk] Fix for 22 vulnerabilities #89)

See the full diff

Package name: @npmcli/run-script

The new version differs by 15 commits.

• fcebe38 chore: release 7.0.2
• 30623cf deps: bump node-gyp from 9.4.1 to 10.0.0
• 54e5bd0 chore: postinstall for dependabot template-oss PR
• 7d95e9f chore: bump @ npmcli/template-oss from 4.18.1 to 4.19.0
• 90bcf54 chore: postinstall for dependabot template-oss PR
• ba0ab48 chore: bump @ npmcli/template-oss from 4.18.0 to 4.18.1
• 43ccfc7 chore: release 7.0.1
• f61fd84 deps: bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
• 87b740b chore: release 7.0.0
• e1b1a3c fix: drop node14 support
• a8045a9 deps: bump which from 3.0.1 to 4.0.0
• c4f4fb4 chore: postinstall for dependabot template-oss PR
• dacd67e chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 9d2d807 chore: postinstall for dependabot template-oss PR
• 8b21725 chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0

See the full diff

Package name: @npmcli/template-oss

The new version differs by 51 commits.

• 7f86c5f chore: release 4.20.0
• 74331b4 fix: remove tap 16 specific config when using tap 18
• 17ea62d feat: add typescript and esm support
• 3fca74f fix: always lint all js-ish extensions
• 37e9e0e fix: use npx semver to better determine latest npm
• ec65582 deps: bump @ commitlint/config-conventional from 17.8.1 to 18.1.0
• c8420a6 deps: bump @ commitlint/cli from 17.8.1 to 18.2.0
• f2521ed deps: bump @ npmcli/arborist from 6.5.0 to 7.2.1
• 8c20554 deps: bump @ npmcli/git from 4.1.0 to 5.0.3
• f25926a deps: bump @ npmcli/package-json from 4.0.1 to 5.0.0
• af30dbe deps: bump hosted-git-info from 6.1.1 to 7.0.1
• 0b59cd6 deps: bump npm-package-arg from 10.1.0 to 11.0.1
• ea0e866 feat: update engines ([Snyk] Fix for 1 vulnerabilities #373)
• 2a8d79e docs: add note about semver and breaking changes ([Snyk] Fix for 1 vulnerabilities #372)
• 3e1792c fix: add suffix to template files ([Snyk] Fix for 1 vulnerabilities #362)
• ebb48ec fix: add PR approval to auto publish flow ([Snyk] Fix for 1 vulnerabilities #368)
• f065bcb fix: prefer upstream over origin when getting remote
• 29bf19d fix: Ignore transient tap test directories ([Snyk] Fix for 1 vulnerabilities #364)
• cf286f5 chore: release 4.19.0
• 339c780 chore: fix resetting exit code in tests
• 994a278 feat: set ci versions from engines
• de319e8 fix: allow overriding path to npm bin in workspaces
• cad156a feat: set backport release from config instead of current branch
• 2a5e186 chore: release 4.18.1

See the full diff

Package name: pacote

The new version differs by 27 commits.

• 18e760f chore: release 17.0.4
• ba8f790 deps: bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
• 2c0d3ae deps: bump @ npmcli/run-script from 6.0.2 to 7.0.0
• 7aa2062 chore: release 17.0.3
• ace7c28 deps: bump npm-packlist from 7.0.4 to 8.0.0
• f1efd0c chore: release 17.0.2
• c3b892d deps: bump sigstore from 1.3.0 to 2.0.0
• c75d7d5 chore: release 17.0.1
• 6ddae13 deps: bump npm-registry-fetch from 15.0.0 to 16.0.0
• 42bf787 deps: bump npm-pick-manifest from 8.0.2 to 9.0.0
• 9fa2de9 chore: release 17.0.0
• e9e964b deps: bump read-package-json from 6.0.4 to 7.0.0
• f69d844 chore: hosted-git-info@7.0.0
• 5d26500 deps: bump npm-package-arg from 10.1.0 to 11.0.0
• d13bb9c deps: bump @ npmcli/git from 4.1.0 to 5.0.0
• 7a25e39 deps: bump cacache from 17.1.4 to 18.0.0
• 2db2fb5 fix: drop node 16.13.x support
• 5cdbfd1 chore: release 16.0.0
• 8dc6a32 deps: bump minipass from 5.0.0 to 7.0.2
• 7cebf19 deps: bump npm-registry-fetch from 14.0.5 to 15.0.0
• 73b6297 fix: drop node14 support ([Snyk] Security upgrade tap from 14.11.0 to 16.0.0 #290)
• 53cf17e chore: postinstall for dependabot template-oss PR
• 865d5c7 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 040add9 chore: postinstall for dependabot template-oss PR

See the full diff

Package name: tap

The new version differs by 250 commits.

• 793c1c0 update versions
• 47a2289 add missing @ tapjs/mock service key polyfill
• 6622dca snapshot: update snapshot
• 556e520 mock: actually be resilient against multiple instances
• 2c135b0 Add `t.mockAll` method
• d7e7e4f clean process.cwd() out of snapshots by default
• 4c0dc72 use the released version of tshy
• c858f37 need to check in .tshy configs for typedoc to work
• 82f48cd update versions
• 0f27f73 TypeScript 5.2, use tshy for hybrid builds
• de09096 remove my home directory from parser snapshots
• 46e2bbb repl: mkdirp the .tap dir if missing
• acfae01 link typedocs to main website
• 2ece1da core spawn test even less flaky
• a7a12d2 update typedoc to latest, ts-node to temporary fork
• a5c0e0c some changelog updates
• caf8d81 document repl
• a5dc854 Store t.testdir() fixtures in .tap/fixtures
• 6914d23 remove docs from source control
• 1dcc6a7 exclude test files themselves from coverage
• aff25fc update versions
• c5972e7 core: make spawn timeout test less flaky
• 1c11b37 stack: properly parse ErrnoException errors
• 1280a55 parser: remove node v12 skip check

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.