[Snyk] Security upgrade npm from 5.6.0 to 6.2.0

[Omrisnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • openshift/message-board/message-board-web/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity	Reachability
	170/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: npm

• 6.2.0 - 2018-07-14
  

  In case you missed it, we moved!. We look forward to seeing future PRs landing in npm/cli in the future, and we'll be chatting with you all in npm.community. Go check it out!

  This final release of npm@6.2.0 includes a couple of features that weren't quite ready on time but that we'd still like to include. Enjoy!

  FEATURES

  • 244b18380 #20554 add support for --parseable output (@ luislobo)
  • 7984206e2 #12697 Add new sign-git-commit config to control whether the git commit itself gets signed, or just the tag (which is the default). (@ tribou)

  FIXES

  • 4c32413a5 #19418 Do not use SET to fetch the env in git-bash or Cygwin. (@ gucong3000)

  DEPENDENCY BUMPS

  • d9b2712a6 request@2.81.0: Downgraded to allow better deduplication. This does introduce a bunch of hoek-related audit reports, but they don't affect npm itself so we consider it safe. We'll upgrade request again once node-gyp unpins it. (@ simov)
  • 2ac48f863 node-gyp@3.7.0 (@ MylesBorins)
  • 8dc6d7640 cli-table3@0.5.0: cli-table2 is unmaintained and required lodash. With this dependency bump, we've removed lodash from our tree, which cut back tarball size by another 300kb. (@ Turbo87)
  • 90c759fee npm-audit-report@1.3.1 (@ zkat)
  • 4231a0a1e Add cli-table3 to bundleDeps. (@ iarna)
  • 322d9c2f1 Make standard happy. (@ iarna)

  DOCS

  • 5724983ea #21165 Fix some markdown formatting in npm-disputes.md. (@ hchiam)
  • 738178315 #20920 Explicitly state that republishing an unpublished package requires a 72h waiting period. (@ gmattie)
  • f0a372b07 Replace references to the old repo or issue tracker. We're at npm/cli now! (@ zkat)
• 6.2.0-next.1 - 2018-07-05
  

  6.2.0-next.1

• 6.2.0-next.0 - 2018-06-29
  

  6.2.0-next.0

• 6.1.0 - 2018-05-24
  

  6.1.0

• 6.1.0-next.0 - 2018-05-17
  

  6.1.0-next.0

• 6.0.1 - 2018-05-10
  

  6.0.1

• 6.0.1-next.0 - 2018-05-04
  

  6.0.1-next.0

• 6.0.0 - 2018-04-24
  

  6.0.0

• 6.0.0-next.2 - 2018-04-21
• 6.0.0-next.1 - 2018-04-13
• 6.0.0-next.0 - 2018-03-23
• 5.10.0 - 2018-05-11
  

  5.10.0

• 5.10.0-next.1 - 2018-05-07
  

  5.10.0-next.1

• 5.10.0-next.0 - 2018-04-13
• 5.9.0-next.0 - 2018-03-23
• 5.8.0 - 2018-03-23
• 5.8.0-next.0 - 2018-03-13
• 5.7.1 - 2018-02-22
• 5.7.0 - 2018-02-21
• 5.6.0 - 2017-11-28

from npm GitHub release notes

Commit messages

Package name: npm

The new version differs by 250 commits.

• ab3c62a 6.2.0
• 0cfe801 update AUTHORS
• 890c132 doc: update changelog for npm@6.2.0
• 7a08a9b empty
• 322d9c2 chore: Make standard happy
• 4231a0a meta: Add cli-table3 to bundledeps
• f0a372b docs: replace references to the old repo or issue tracker ([Snyk] Security upgrade org.hibernate:hibernate-entitymanager from 5.4.0.Final to 5.4.18.Final #5)
• 4c32413 run-script: Do not use SET to fetch the env in git-bash or cygwin
• 7984206 version: Add new sign-git-commit config (#12697)
• 244b183 audit: add support for --parseable output (#20554)
• 7381783 docs: republish waiting period (#20920)
• 5724983 docs: remove back-ticks not being parsed as markdown (#21165)
• 90c759f npm-audit-report@1.3.1
• 8dc6d76 cli-table3@0.5.0
• 2ac48f8 node-gyp@3.7.0
• d9b2712 request@2.81.0
• 843bdd6 6.2.0-next.1
• 5440b5e doc: update changelog for npm@6.2.0
• ecdcbd7 misc: remove postinstall script that broke stuff (#21129)
• ea9415f 6.2.0-next.0
• d7cf1b3 update AUTHORS
• feb4e2b doc: update changelog for npm@6.2.0
• fe4240e uuid@3.3.2
• 177cbb4 cache: Add warning text about using temp cache for debugging (#21105)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution