[Snyk] Fix for 1 vulnerabilities

[Django0505]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: init-package-json

The new version differs by 170 commits.

• 6b7dbaf chore: release 4.0.0 (http server response should get "end" if client closes the connection prematurely nodejs/node-v0.x-archive#160)
• ea53243 chore: bump @ npmcli/config from 4.2.2 to 6.0.0 (realpath of a symlink under a symlink returns parent realpath. nodejs/node-v0.x-archive#167)
• 99e3307 chore: bump @ npmcli/eslint-config from 3.1.0 to 4.0.0 (require.paths undefined in the repl nodejs/node-v0.x-archive#169)
• b869b31 deps: bump read-package-json from 5.0.2 to 6.0.0 (Build fails on CentOS 5.4 - V8 Error nodejs/node-v0.x-archive#170)
• d342821 deps: bump validate-npm-package-name from 4.0.0 to 5.0.0 (JSON.parse hangs on bogus input nodejs/node-v0.x-archive#168)
• a9b2e54 chore: postinstall for dependabot template-oss PR
• 9eacc7e chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• ada46c8 chore: postinstall for dependabot template-oss PR
• bb17043 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• e8ea83a feat!: postinstall for dependabot template-oss PR
• 2eeb977 chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• 18e3c78 chore: postinstall for dependabot template-oss PR
• 197e9c3 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• 8abb642 chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (WriteStream.prototype.write() can't handle buffers nodejs/node-v0.x-archive#149)
• 64ad963 chore: postinstall for dependabot template-oss PR
• 6f0fbd3 chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2
• 9023742 chore: bump @ npmcli/template-oss from 3.2.1 to 3.4.1 (ClientResponse doens't emit "end" when client is closed nodejs/node-v0.x-archive#147)
• e063094 chore(main): release 3.0.2 (error: size of array ‘control_msg’ is not an integral constant-expression nodejs/node-v0.x-archive#142)
• e4ba49a chore: bump @ npmcli/template-oss from 3.2.0 to 3.2.1 (DNS Lookup Failure nodejs/node-v0.x-archive#143)
• fa7574a deps: bump validate-npm-package-name from 3.0.0 to 4.0.0 (exceptions in request handler are ignored nodejs/node-v0.x-archive#144)
• b1ec548 deps: update npm-package-arg requirement from ^9.0.0 to ^9.0.1 (ECONNREFUSED causes node process to exit nodejs/node-v0.x-archive#136)
• 3b443aa chore: bump tap from 15.2.3 to 16.0.1 (#141)
• d8bdf52 chore: bump @ npmcli/template-oss from 2.9.2 to 3.2.0 (ruby child processes are not firing events when created. nodejs/node-v0.x-archive#140)
• a1348c6 chore: release 3.0.1 (end event handler on an http.client response will silently swallow errors under certain conditions nodejs/node-v0.x-archive#135)

See the full diff

Package name: node-gyp

The new version differs by 250 commits.

• 9acb4c7 chore: release 10.0.0
• 3032e10 chore: run tests after release please PR
• 864a979 feat!: use .npmignore file to limit which files are published (In function FChown, first parameter must be an int nodejs/node-v0.x-archive#2921)
• 4e493d4 chore: misc testing fixes (path.exists*() as 2nd level head not 3rd nodejs/node-v0.x-archive#2930)
• d52997e feat: convert internal classes from util.inherits to classes
• 355622f feat: convert all internal functions to async/await
• 1b3bd34 feat!: drop node 14 support (test: Fix path to require hello-world module nodejs/node-v0.x-archive#2929)
• e388255 deps: which@4.0.0 (Add process.config nodejs/node-v0.x-archive#2928)
• 059bb6f deps: make-fetch-happen@13.0.0 (Add process.shared nodejs/node-v0.x-archive#2927)
• 4bef1ec deps: glob@10.3.10 (Debugger always stops on caught exceptions nodejs/node-v0.x-archive#2926)
• 21a7249 chore: add check engines script to CI (tty → readline ansi/vt100 migration nodejs/node-v0.x-archive#2922)
• 707927c feat(gyp): update gyp to v0.16.1 (Nodejs for ARMv5te ? nodejs/node-v0.x-archive#2923)
• d644ce4 docs: update applicable GitHub links from master to main (CryptoStream pass-through functions fix for setSocketKeepAlive nodejs/node-v0.x-archive#2843)
• 4a50fe3 chore: empty commit to add changelog entries from 64bit binary in the OS X installer. Still installs on 32bit machines. nodejs/node-v0.x-archive#2770
• 26683e9 chore: GitHub Workflows security hardening (Cluster 2.0 - step 6 : Add disconnect methods to graceful shutdown nodejs/node-v0.x-archive#2740)
• 91fd8ff Python lint: ruff --format is now --output-format
• b3d41ae doc: Add note about Python symlinks (PR 2362) to CHANGELOG.md for 9.1.0 (net: remove setSecure from documentation nodejs/node-v0.x-archive#2783)
• 5746691 test: update expired certs (cluster 2.0 - step 7: kill workers when master dies nodejs/node-v0.x-archive#2908)
• d3615c6 Fix incorrect Xcode casing in README (process: expose the zlib version in use in process.versions nodejs/node-v0.x-archive#2896)
• bb93b94 docs: README.md Do not hardcode the supported versions of Python (Fixing gcc_version for clang nodejs/node-v0.x-archive#2880)
• 0f1f667 fix: create Python symlink only during builds, and clean it up after (bug of listening on a used port in worker of cluster nodejs/node-v0.x-archive#2721)
• 445c28f test: increase mocha timeout (remove ClientRequest.prototype.pause nodejs/node-v0.x-archive#2887)
• 1bfb083 Fix Python lint error by using an f-string (issue #2697: have 'make install' set npm shebang to use its node nodejs/node-v0.x-archive#2886)
• c9caa2e docs: Update windows installation instructions in README.md (Readline fix for #2876. nodejs/node-v0.x-archive#2882)

See the full diff

Package name: npm-registry-client

The new version differs by 185 commits.

• debec76 7.2.1
• 90113c9 deps: update to standard@8
• 8331ef7 deps: update dependencies
• cd23cfb 7.2.0
• f62a28d ci: clean up dependencies
• df9be53 ci: add Node.js v4 and v6 to Travis matrix
• 0ff3352 remove socket `error` handler after request is done
• 04f418a doc: document the `streaming` param for `request`
• f11a002 request: add support for streaming bodies
• 0b595c4 7.1.2
• de6d4ee Bump npmlog to 3.1.0
• bc728c3 7.1.1
• 26d14b4 Allow npmlog@3.0.0
• d077cb6 7.1.0
• 3aeca7a initialize: Limit maxSockets for client connections
• 2c0c831 7.0.9
• 2b5a607 deps: version npmlog's optionalDependency
• e56227b 7.0.8
• f43d368 access: grant / revoke / ls-collaborators unscoped
• 32273ff package: fix repository link
• 06f1889 7.0.7
• 9f0cfda request: fixed npm-notice functionality
• a42ca70 7.0.6
• 697c0a7 fix deprecate tests on older nodes

See the full diff

Package name: tar

The new version differs by 215 commits.

• 1098f4b v3.0.0
• 51396a9 test and push on version bump
• 753ea13 parse test: early end isn't a zlib error on v4
• 9440c43 Merge branch 'v3'
• 7ac6960 pack test: set times explicitly so travis doesn't fail
• 7d8bd02 Handle truncated zlib input
• 3d1b142 docs: fix example code for tar.t({file})
• 50bfa6e Parser: emit warning about truncated input
• 3c70b5d Directory entries should have 0 size
• 4bfd57b Pax: don't break on line-break-having values or empty keys
• 09215cd ;
• a2a12d3 Doc improvements. Warnings and cwd consistency
• 740ac18 parse: Array is not faster than linked list
• f5899f6 parser: make consumeBody/Meta/Header private methods
• d32397f benchmark: output timer to stdout
• 0e8b390 Don't create obnoxious directories
• dffa806 follow option for packing
• 4b0b393 add preserveOwner flag for tar.x/tar.Unpack
• 5db47b0 use makeTar in unpack test
• 41965bd ignore extract benchmark folder
• 080d4d6 abstract out timer code from benchmarks
• 0b195dc Document benchmarks, clearer output
• 2464b53 Add files stanza to package.json
• ca9611a comprehensive benchmarks

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.