aem-angular-editable-components
aem-angular-editable-components copied to clipboard
adobe
chore(deps): update npm to v8 [security]
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| npm (source) | >=8.14.0 -> 8.11.0 |
GitHub Vulnerability Alerts
CVE-2022-29244
Impact
npm pack ignores root-level .gitignore & .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. --workspaces, --workspace=<name>). Anyone who has run npm pack or npm publish with workspaces, as of v7.9.0 & v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include.
Patch
- Upgrade to the latest, patched version of
npm(v8.11.0or greater), run:npm i -g npm@latest - Node.js versions
v16.15.1,v17.19.1&v18.3.0include the patchedv8.11.0version ofnpm
Steps to take to see if you're impacted
- Run
npm publish --dry-runornpm packwith annpmversion>=7.9.0&<8.11.0inside the project's root directory using a workspace flag like:--workspacesor--workspace=<name>(ex.npm pack --workspace=foo) - Check the output in your terminal which will list the package contents (note:
tar -tvf <package-on-disk>also works) - If you find that there are files included you did not expect, you should:
3.1. Create & publish a new release excluding those files (ref. "Keeping files out of your Package")
3.2. Deprecate the old package (ex.
npm deprecate <pkg>[@​<version>] <message>) 3.3. Revoke or rotate any sensitive information (ex. passwords, tokens, secrets etc.) which might have been exposed
References
Release Notes
npm/cli (npm)
v8.11.0
v8.11.0 (2022-05-25)
Features
-
8898710#4879 feat: deprecated set-script, birthday, --global, and --local (@fritzy) -
7307c8d#4940 feat(libnpmpack): bump pacote for better workspace awareness (@nlf)
Bug Fixes
-
400c80f#4913 fix(ci): remove node_modules post-validation (@wraithgar) -
124df81#4910 fix: clean up npm cache tests (@wraithgar) -
ee3308afix: remove dead code from get-identity (@wraithgar) -
357b0af#4917 fix: pass prefix and workspaces to libnpmpack (@nlf) -
0f89e07#4935 fix: add global getter to npm class (@nlf)
Documentation
-
83ed8d0#4922 docs: update roadmap link in readme (@OmriBarZik) -
ed054d4#4933 docs: fix broken link in changelog (@yonran)
Dependencies
-
632ce87#4915 deps:[email protected] -
7b2b77a#4915 deps:[email protected] -
f3b0a24#4915 deps:[email protected] -
0df3011#4915 deps:[email protected] -
dc38ab9#4919 deps:[email protected] -
353e2f9#4940 deps:[email protected] [email protected] -
f4d4126#4941 deps:[email protected]
v8.10.0
v8.10.0 (2022-05-11)
Features
-
911f55d#4864 feat: add --iwr alias for --include-workspace-root (@fritzy) -
bfb8bcc#4874 feat: add flag --omit-lockfile-registry-resolved (@fritzy) (Caleb ツ Everett)
Bug Fixes
-
48d2db6#4862 fix: remove test coverage map (@wraithgar) -
38cf29a#4868 fix: cleanup star/unstar (@wraithgar) -
5baa4a7#4857 fix: consolidate bugs, docs, repo command logic (@wraithgar) -
5a50762#4875 fix(arborist): link deps lifecycle scripts (@ruyadorno)
Dependencies
-
d58bf40#4856 deps:[email protected] -
86f443e#4872 deps:[email protected] -
f9984e6#4880 deps:@npmcli/[email protected] -
ba59915#4881 deps:[email protected] -
c0806ba#4881 deps:[email protected] -
cc7be6b#4881 deps:[email protected] -
0432c7d#4881 deps:[email protected] -
5778820#4881 deps:[email protected] -
893dd00#4881 deps:[email protected] -
6ab85bd#4881 deps:[email protected]
v8.9.0
v8.9.0 (2022-05-04)
Features
-
62af3a1#4835 feat: make npm owner workspace aware (@wraithgar)
Bug Fixes
-
d654e7e#4781 fix: start consolidating color output (@wraithgar) -
b9a966c#4843 fix(exec): ignore packageLockOnly flag (@nlf)
Documentation
-
8fd7eec#4845 docs: remove incorrect v6 auto prune info (@wraithgar) -
5f59f80#4847 docs: show complex object interactions in npm pkg (@wraithgar)
Dependencies
-
62faf8a#4837 deps:[email protected] -
4ff7d3d#4816 deps:[email protected] -
e2e9c81#4852 deps:[email protected]
v8.8.0
v8.8.0 (2022-04-27)
Features
Bug Fixes
-
6253d19#4643 fix(exec): workspaces support (@ruyadorno) -
e9163b4#4657 fix(libnpmpublish): unpublish from custom registry (@ruyadorno) -
a677f49#4778 fix: Use node in and fallback to PATH if not found (@elibus) -
b10462e#4752 fix: completion fordeprecatecmd (@wraithgar) -
ced0acf#4775 fix: consolidate registryConfig application logic (@wraithgar) -
b06e89f#4679 fix(install): do not install invalid package name (@ruyadorno) -
9ea2603#4786 fix: normalize win32 paths before globbing (@lukekarrys) -
8da28b4#4757 fix: removelib/utils/read-package-name.js(@wraithgar)
Documentation
-
a6ea884#4745 docs: add some more docs for --install-links (@nlf) -
6cd6831#4782 docs: explain that _auth only goes to npm registry (@wraithgar) -
fa3d829#4772 docs: include org instructions in scoped publish (@bnb)
Dependencies
-
36899d1#4807 deps:@npmcli/[email protected] -
3f2b24a#4786 deps:@npmcli/[email protected] -
b1b6948#4808 deps:[email protected]-
4a46a27#4777 fix read mixed local/registry pkg (@ruyadorno)
-
-
9f57404#4743 deps:[email protected] -
532883f#4786 deps:[email protected] -
4d1398e#4786 deps:[email protected] -
5e31322#4786 deps:[email protected] -
4eb2ccb#4786 deps:[email protected] -
aeb54e4#4786 deps:[email protected] -
252b2b1#4786 deps:[email protected] -
c51e553#4786 deps:[email protected] -
13299ee#4786 deps:[email protected] -
0f2da5d#4786 deps:cli-table3@​0.6.2 -
0ee57f1#4805 deps:[email protected] -
8a633a4#4806 deps:[email protected]
v8.7.0
v8.7.0 (2022-04-13)
Features
-
6611e91#4723 feat(config): add more npm/node information to config ls (@lukekarrys) -
c057b90#4740 feat(config): warn on deprecated configs (@lukekarrys)
Bug Fixes
-
2829cb2#4658 fix: update readme badges (@lukekarrys) -
e3da5df#4667 fix: replace deprecated String.prototype.substr() (@CommanderRoot) -
2a26e5e#4645 fix: remove dedupe --save (@wraithgar) -
47438ff#4645 fix: do not export npm_config_include_workspace_root (@wraithgar) -
840c338#4678 fix(run-script): don't cascade if-present config (@ruyadorno) -
4d676e3#4709 fix(arborist): when reloading an edge, also refresh overrides (@nlf) -
3f7fe17#4659 fix: skip update notifier file if not requested (@lukekarrys) -
5ba7f0c#4726 fix: show more information during publish dry-run (@lukekarrys) -
aa4a4da#4735 fix(arborist): dont skip adding advisories to audit based on name/range (@lukekarrys) -
0cd852f#4741 fix: mitigate doctor test race condition (@wraithgar) -
ba8b2a7#4744 fix(ls): make--omitfilternpm ls(@lukekarrys)
Documentation
-
85b3c48#4666 docs(ci): add note that configuration must be consistent between install and ci (@nlf) -
44108f7#4670 docs: fix npm-uninstall typo (@JSKitty)
Dependencies
-
aaf86f6#4674 deps:@npmcli/[email protected] -
4a9a705#4691 deps:@npmcli/[email protected] -
1a90b9e#4691 deps:[email protected] -
f86f1af#4691 deps:@npmcli/[email protected] -
3a76dff#4691 deps:[email protected] -
0230428#4691 deps:@npmcli/[email protected] -
82dc75f#4691 deps:[email protected] -
ad99360#4691 deps:[email protected] -
79fc706#4691 deps:[email protected] -
1f2fb1e#4691 deps:@npmcli/[email protected] -
0f23c33#4691 deps:@npmcli/[email protected] -
485753d#4691 deps:[email protected] -
e9b25cd#4691 deps:@npmcli/[email protected] -
0e87cac#4691 deps:@npmcli/[email protected] -
b632746#4691 deps:@npmcli/[email protected] -
b1863bf#4691 deps:[email protected] -
a2781a3#4691 deps:[email protected] -
5172e03#4691 deps:[email protected] -
71296d5#4691 deps:[email protected] -
69d8343#4691 deps:[email protected] -
c44c2b0#4691 deps:[email protected] -
38029ed#4691 deps:[email protected] -
e57353c#4691 deps:[email protected] -
1b30c72#4691 deps:[email protected] -
c70232c#4706 deps:@npmcli/[email protected] -
baff482#4705 deps:[email protected] -
dda8a97#4704 deps:[email protected] -
8914864#4703 deps:[email protected] -
3516f61#4702 deps:[email protected] -
ecd22b0#4701 deps:[email protected] -
7ed9faf#4700 deps:[email protected] -
df92e23#4699 deps:[email protected] -
5074adc#4698 deps:[email protected] -
35e5100#4697 deps:[email protected] -
86f5b27#4696 deps:[email protected] -
1617bce#4695 deps:[email protected] -
e33aa0f#4714 deps: remove stringify-package -
98377d1#4740 deps:@npmcli/[email protected] -
605ccef#4728 deps: remove ansistyles -
c22fb1e#4728 deps: remove ansicolors -
970244c#4734 deps:[email protected] -
42dc0b0#4733 deps:@npmcli/[email protected]
v8.6.0
v8.6.0 (2022-03-31)
Features
-
723a0918a#4588 feat(version): reify on workspace version change (@ruyadorno) -
cc6c09431#4594 feat: add logs-dir config to set custom logging location (@lukekarrys)
Bug Fixes
-
98bfd9a8cfix: remove always true condition (#4590) (@XhmikosR) -
81afa5a88#4601 fix(unpublish): properly apply publishConfig (@wraithgar) -
716a07fde#4607 fix: 100% coverage in tests (@wraithgar) -
6f9cb490e#4614 fix(arborist): handle link nodes in old lockfiles correctly (@nlf) -
18b8b9435#4617 fix(arborist): make sure resolveParent exists before checking props (@nlf) -
bd96ae407#4599 fix(arborist): identify and repair invalid nodes in the virtual tree (@nlf) -
99d884542#4599 fix: make sure we loadOverrides on the root node in loadVirtual() (@nlf) -
45dd8b861#4609 fix: move shellout logic into commands (@wraithgar) -
a64acc0bf#4609 fix: really load all commands in tests, add description to birthday (@wraithgar) -
d8dcc02cf#4609 fix: consolidate command alias code (@wraithgar) -
f76d4f2f6#4609 fix: consolidate is-windows code (@wraithgar) -
57d8f75eb#4609 fix: consolidate node version support logic (@wraithgar) -
0a957f5e2#4609 fix: consolidate path delimiter logic (@wraithgar) -
738a40445#4609 fix: bump knownBroken to <12.5.0 (@wraithgar) -
8b65bfd5d#4629 fix: return otplease fn results (@wraithgar) -
d8d374d23#4632 fix: consolidate split-package-names (@wraithgar) -
cc0a2ec99#4611 fix: work better with system manpages (#4610) (@d0sboots) -
668ec7f33#4644 fix: only call npmlog progress methods if explicitly requested (@lukekarrys)
Documentation
-
ff1367f01#4641 docs: recommend prepare over prepublish (@verhovsky)
Dependencies
-
6df061ec2#4594 deps:[email protected] -
6dd1139c9#4594 deps:[email protected] -
feb4446d5#4616 deps:[email protected] -
c33b53311#4613 deps:[email protected] -
6a4c8ff89#4606 deps:[email protected] -
6e0a131d2#4627 deps:[email protected] -
0f1cd60a1#4627 deps:[email protected] -
da377eed5#4627 deps:[email protected] -
726a8a07a#4627 deps:[email protected] -
aac01b89c#4628 deps:@npmcli/[email protected] -
52dfaf239#4630 deps:[email protected] -
9778a5387#4635 deps:[email protected] -
86eff5dcc#4635 deps:[email protected] -
5b4cbb217#4635 deps:[email protected] -
a59fd2cb8#4639 deps:@npmcli/[email protected] -
679e569d5#4655 deps:@npmcli/[email protected]
v8.5.5
v8.5.5 (2022-03-17)
Bug Fixes
-
0e7511d14#4261 fix(arborist): _findMissingEdges missing dependency due to inconsistent path separators (@salvadorj) -
c83069436#4547 fix: omit bots from authors (@wraithgar) -
f66da2ed8#4565 fix(owner): bypass cache when fetching packument (@wraithgar) -
f0c6e86ca#4572 fix: remove name from unpublished message (@wraithgar) -
f7e58fa74#4572 fix: remove "bug the author" message from package 404 (@wraithgar) -
5471ff5fe#4573 fix: add isntall alias to install (@wraithgar) -
84d19210e#4576 fix: properly shownpm view ./directory(@wraithgar) -
e9a2981f5#4578 fix(arborist): save workspace version (@ruyadorno)
Documentation
-
a30405258#4580 docs: add foreground-scripts and ignore-scripts to commands (@wraithgar) -
2361a68e1#4582 docs: add isntall alias to install command (@wraithgar) -
8ff1dfaae#4575 docs: explain that linked deps neednpm installran in them (@wraithgar) -
ddbb505ec#4574 docs: explain that git-tag-version=false does not commit (@wraithgar) -
7c878b978#4584 docs: fix unpublish docs to auto generate usage (@wraithgar)
Dependencies
-
fcc6acfa8#4562 deps:@npmcli/[email protected] -
6d3145014#4562 deps:[email protected] -
f6b771aab#4562 deps:[email protected] -
e26548fb1#4562 deps:[email protected] -
915dda7ab#4562 deps:[email protected] -
f2ec2ef1f#4562 deps:[email protected] -
340fa51f4#4562 deps:[email protected] -
9555a5f1d#4562 deps:[email protected] -
b2a494283#4562 deps:[email protected] -
1cb88f4b3#4562 deps:[email protected] -
f95396a03#4562 deps:[email protected] -
aec2bfecc#4585 deps:[email protected] -
ed8ab63e4deps:[email protected] -
0b73bfa82deps:[email protected] -
475d59b36deps:[email protected] -
7201c7395deps:[email protected] -
f5df358c3deps:[email protected] -
472e7dd7adeps:[email protected] -
c901d7290deps:[email protected] -
aad53327fdeps:@npmcli/[email protected] -
b40136bcadeps:[email protected] -
5d91201d1deps:[email protected]
v8.5.4
v8.5.4 (2022-03-10)
Bug Fixes
-
fbdb43138#4529 fix(rebuild): don't run lifecycle scripts twice on linked deps (@wraithgar) -
1c182e11d#4495 fix(doctor): don't retry ping (@wraithgar) -
55ab38c53#4495 fix(doctor): allow for missing local bin andnode_modules(@wraithgar) -
5c06a33e6#4528 fix: clean up owner command and otplease (@wraithgar)
Documentation
-
2485064da#4524 docs: fix typo in configuring-npm/package-json.md (@dlcmh) -
91f03ee61#4510 docs: standardize changelog heading (@wraithgar)
Dependencies
-
377f55e0e#4530 deps:[email protected]- add code property to unsupported proxy url error
-
40b7fbf67#4531 deps:[email protected]- don't throw exception on invalid main attr
-
d9dc70ce4#4545 deps:[email protected]- evaluate all patterns before throwing
EDUPLICATEWORKSPACE
- evaluate all patterns before throwing
-
70fcfb46bdeps:[email protected] -
621cd033fdeps:@npmcli/[email protected] -
087fdc4cbdeps:[email protected] -
d24c6d288deps:[email protected] -
fa59830fcdeps:[email protected] -
6d5f22b86deps:[email protected] -
69ea54350deps:[email protected] -
4742d7cf3deps:[email protected] -
fdd255ae9deps:[email protected] -
ed41bc101deps:[email protected] -
21e241025deps:[email protected] -
ec7f36ff9deps:[email protected] -
ad4b56414deps:[email protected]
v8.5.3
v8.5.3 (2022-03-03)
Bug Fixes
-
defe79ad6#4480 fix: publish of tarballs includes README in packument (@fritzy) -
45fc297f1#4479 fix: ignore implict workspace for some commands (@fritzy) -
a0900bdf1#4481 fix(ls): respect--include-workspace-root(@fritzy) -
0cfc155db#4476 fix: set proper workspace repo urls in package.json (@ljharb) -
9e43de8a5#4493 fix: ignore implicit workspace for whoami (@nlf)
Dependencies
-
d13f067d9#4490 deps:@npmcli/[email protected](@wraithgar) -
ce9a6eac0#4490 deps:[email protected](@wraithgar) -
bd660f5f1#4490 deps:@npmcli/[email protected] -
3c17b6965#4490 deps:[email protected] -
e9b69c4c5#4490 deps:[email protected] -
cf27ca888#4490 deps:[email protected] -
f3421921a#4490 deps:[email protected] -
1dd2f7ee1#4490 deps:[email protected] -
236e3b403#4490 deps:[email protected](@wraithgar) -
10e1326d2#4490 deps:[email protected]
v8.5.2
v8.5.2 (2022-02-24)
Bug Fixes
-
9bdd1ace8#4300 fix(arborist): use full location as tracker key when inflating (@lukekarrys) (@kirtangajjar) -
c9ff797e8#4457 fix: remove html comments from man entries (@wraithgar) -
f4c5f0e52#4462 fix(arborist): fix unescaped periods (@XhmikosR) -
c608512ed#4468 fix: ignore integrity values for git dependencies (@lukekarrys)
Documentation
-
e83e5c9ba#4435 docs: clarify npm init@latestbehavior (@wraithgar) -
d8fa9fa5e#4436 docs: explain $INIT_CWD on using scripts page (@wraithgar) -
6b68c1aaa#4450 docs: auto-generate npm usage for each command (@manekinekko)
Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
Merging #98 (5297733) into master (8f15309) will increase coverage by
9.11%. Report is 12 commits behind head on master. The diff coverage isn/a.
:exclamation: Current head 5297733 differs from pull request most recent head 8a0b072. Consider uploading reports for the commit 8a0b072 to get more accurate results
@@ Coverage Diff @@
## master #98 +/- ##
==========================================
+ Coverage 72.51% 81.63% +9.11%
==========================================
Files 10 11 +1
Lines 171 196 +25
Branches 36 36
==========================================
+ Hits 124 160 +36
+ Misses 41 21 -20
- Partials 6 15 +9
see 8 files with indirect coverage changes
:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Kudos, SonarCloud Quality Gate passed! 
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
No Duplication information
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}