[Snyk] Fix for 1 vulnerabilities

[soloinovator]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • workspaces/arborist/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @npmcli/metavuln-calculator

The new version differs by 53 commits.

• 28a42b2 chore: release 7.0.0
• d5ba3e4 deps: bump pacote from 16.0.0 to 17.0.0
• 49e9861 deps: bump cacache from 17.1.4 to 18.0.0
• 071449d fix: drop node 16.13.x support
• fd9e345 chore: release 6.0.1
• 907daf1 deps: bump pacote from 15.2.0 to 16.0.0
• a5e6a2e chore: release 6.0.0
• 0e95702 fix: drop node14 support
• 46a10c1 chore: postinstall for dependabot template-oss PR
• 7260b66 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 0b2316e chore: postinstall for dependabot template-oss PR
• f961bba chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0
• d5ce57f chore: postinstall for dependabot template-oss PR
• da5f2a2 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1
• dcdd273 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (docs: Taking a crack at updating the scripts docs. npm/cli#89)
• f908f1a chore: release 5.0.1
• 7ac3939 chore: auto publish (deps: fix test for semver@5.5.1 npm/cli#88)
• 8ba51d8 chore: bump @ npmcli/template-oss from 4.12.0 to 4.13.0 (Fix issue with sub folder local references npm/cli#86)
• d89da3f fix: support packument without versions (meta: add back engines npm/cli#85)
• 04f5b61 chore: postinstall for dependabot template-oss PR
• b108d47 chore: bump @ npmcli/template-oss from 4.11.4 to 4.12.0
• 435bfaa chore: postinstall for dependabot template-oss PR
• d69f8a8 chore: bump @ npmcli/template-oss from 4.11.3 to 4.11.4
• db09986 chore: postinstall for dependabot template-oss PR

See the full diff

Package name: @npmcli/run-script

The new version differs by 89 commits.

• fcebe38 chore: release 7.0.2
• 30623cf deps: bump node-gyp from 9.4.1 to 10.0.0
• 54e5bd0 chore: postinstall for dependabot template-oss PR
• 7d95e9f chore: bump @ npmcli/template-oss from 4.18.1 to 4.19.0
• 90bcf54 chore: postinstall for dependabot template-oss PR
• ba0ab48 chore: bump @ npmcli/template-oss from 4.18.0 to 4.18.1
• 43ccfc7 chore: release 7.0.1
• f61fd84 deps: bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
• 87b740b chore: release 7.0.0
• e1b1a3c fix: drop node14 support
• a8045a9 deps: bump which from 3.0.1 to 4.0.0
• c4f4fb4 chore: postinstall for dependabot template-oss PR
• dacd67e chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 9d2d807 chore: postinstall for dependabot template-oss PR
• 8b21725 chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0
• d9a0cc0 chore: release 6.0.2
• 545f3be fix: handle signals more correctly (fix(packageRelativePath): fix 'where' for file deps npm/cli#142)
• 1cbd286 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (access: ls-collaborators is ok with non-scoped npm/cli#151)
• 581be58 docs: fix syntax in example (Release: npm@6.7.0 npm/cli#141)
• 24f12b2 chore: release 6.0.1
• 728b270 chore: enable auto-publish (6.8.0 npm/cli#150)
• 6c1cb21 chore: bump @ npmcli/template-oss from 4.12.1 to 4.14.1 (Fixing text. npm/cli#148)
• 3a8f085 fix: remove unused dependency on minipass (install/dedupe: fix hoisting of packages with peerDeps npm/cli#147)
• 72c3e2f chore: bump @ npmcli/template-oss from 4.12.0 to 4.12.1 (test: maketest: Fix common.npm callback arguments npm/cli#144)

See the full diff

Package name: bin-links

The new version differs by 8 commits.

• 9288589 chore: release 4.0.0 (doc: correct npm@6.4.0 release date in changelog npm/cli#53)
• 4f4c58c feat: do not alter file ownership (readable-stream@3.0.2 npm/cli#59)
• decf1c0 chore: postinstall for dependabot template-oss PR
• 11ed9cf chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• 6253529 chore: postinstall for dependabot template-oss PR
• fecbd8a chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• 36b2668 feat!: postinstall for dependabot template-oss PR
• 527942a chore: bump @ npmcli/template-oss from 3.5.0 to 4.3.2

See the full diff

Package name: npm-registry-fetch

The new version differs by 11 commits.

• 8f61d95 chore: release 14.0.0 (Check run script existence with undefined npm/cli#139)
• c1a2c5a chore: bump cacache from 16.1.3 to 17.0.0 (install/dedupe: fix hoisting of packages with peerDeps npm/cli#147)
• b5aeed0 deps: bump make-fetch-happen from 10.2.1 to 11.0.0 (Always save package_lock.json when using --package-lock-only npm/cli#146)
• c1c203e chore: postinstall for dependabot template-oss PR
• dcff56f chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• 8762c37 chore: postinstall for dependabot template-oss PR
• 428d241 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• 104a51f feat!: postinstall for dependabot template-oss PR
• 36f576a chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• ed6304c chore: postinstall for dependabot template-oss PR
• 4a08dd4 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0

See the full diff

Package name: pacote

The new version differs by 111 commits.

• 18e760f chore: release 17.0.4
• ba8f790 deps: bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
• 2c0d3ae deps: bump @ npmcli/run-script from 6.0.2 to 7.0.0
• 7aa2062 chore: release 17.0.3
• ace7c28 deps: bump npm-packlist from 7.0.4 to 8.0.0
• f1efd0c chore: release 17.0.2
• c3b892d deps: bump sigstore from 1.3.0 to 2.0.0
• c75d7d5 chore: release 17.0.1
• 6ddae13 deps: bump npm-registry-fetch from 15.0.0 to 16.0.0
• 42bf787 deps: bump npm-pick-manifest from 8.0.2 to 9.0.0
• 9fa2de9 chore: release 17.0.0
• e9e964b deps: bump read-package-json from 6.0.4 to 7.0.0
• f69d844 chore: hosted-git-info@7.0.0
• 5d26500 deps: bump npm-package-arg from 10.1.0 to 11.0.0
• d13bb9c deps: bump @ npmcli/git from 4.1.0 to 5.0.0
• 7a25e39 deps: bump cacache from 17.1.4 to 18.0.0
• 2db2fb5 fix: drop node 16.13.x support
• 5cdbfd1 chore: release 16.0.0
• 8dc6a32 deps: bump minipass from 5.0.0 to 7.0.2
• 7cebf19 deps: bump npm-registry-fetch from 14.0.5 to 15.0.0
• 73b6297 fix: drop node14 support ([FEATURE] Provide credentials to npm trough environment variables npm/cli#290)
• 53cf17e chore: postinstall for dependabot template-oss PR
• 865d5c7 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 040add9 chore: postinstall for dependabot template-oss PR

See the full diff

Package name: rimraf

The new version differs by 40 commits.

• 3b6b098 4.0.0
• e0cffea ci: reduce workload even more
• 0e6646d ci: remove unnecessary lint filter
• 546e017 update action versions
• 6d88a65 tone down benchmark intensity
• 842a8d2 fix benchmark workflow yaml
• 1b91697 chore: add copyright year to license
• 08bbb06 rewrite in TS, export hybrid, update changelog, docs
• 1b3f46e drop support for node versions below 14
• 2e1f003 gh actions workflow for benchmarks
• 52f9370 tests for retry-busy behavior
• 188e3ed don't test on very old node versions
• d1d5495 test for fix-eperm
• e7501cd prettier formatting
• 40f64ec windows: only fall back to move-remove when absolutely necessary
• b6f7819 update tap
• 99496cd test: run posix test on windows, why not?
• 51d43c1 benchmarks
• 6b8aa29 doc: correct os.tmp default
• 4b228c9 do not ever actually try to rmdir /
• 2442655 consolidate all the spellings of 'opt' into one
• d4eec2e add cli script
• 0c82d74 accept strings, arrays of strings, and no other types
• ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.