[Snyk] Security upgrade npm from 5.6.0 to 7.21.0 #77

Open: wants to merge 1 commit into base: master
Conversation

Omrisnyk (Owner)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • openshift/message-board/message-board-web/package.json
    • openshift/message-board/message-board-web/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity: high
Priority Score (*): 125/1000
  Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5
Issue: Missing Release of Resource after Effective Lifetime (SNYK-JS-INFLIGHT-6095116)
Breaking Change: Yes
Exploit Maturity: No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: npm
  • 7.21.0 - 2021-08-19

    v7.21.0 (2021-08-19)

    DEPENDENCIES

    • df57f0d53 @npmcli/run-script@1.8.6
    • 8183976cf normalize-package-data@3.0.3:
      • fix: account for "licence" as spelling variant
    • f07772401 init-package-json@2.0.4
    • 991a3bd39 read-package-json@4.0.0
    • e9e5ee560 @npmcli/arborist@2.8.2:
      • fix: treat top-level global packages as "top" nodes
      • fix: load global symlinks implicitly as file: deps
      • fix(reify): debug crash when extracting into symlink
      • fix: node_modules must be a directory
      • fix: make Node.children() a case-insensitive Map
      • fix(reify): verify existing deps in nm are dirs
    • b6f40b5f8 tar@6.1.10:
      • fix: prune dirCache properly for unicode, windows
      • fix: reserve paths properly for unicode, windows
      • fix: prevent path escape using drive-relative paths
      • fix: drop dirCache for symlink on all platforms
    • 218cacadc is-core-module@2.6.0
    • 7ac621cd1 smart-buffer@4.2.0
    • 94f92de13 make-fetch-happen@9.0.5
    • 71cdfd898 spdx-license-ids@3.0.10:
      • update license list to v3.14
  • 7.20.6 - 2021-08-12

    v7.20.6 (2021-08-12)

    DEPENDENCIES

    • 5bebf280f tar@6.1.8
      • fix: reserve paths case-insensitively
    • 5d89de44d tar@6.1.7:
      • fix: normalize paths on Windows systems
    • a1bdbea97 #3569 remove byte-size (@wraithgar)
    • 61782fa85 @npmcli/map-workspaces@1.0.4:
      • fix: better error message for duplicate workspace names
    • b88f770fa @npmcli/arborist@2.8.1:
      • [#3632] Fix "cannot read property path of null" error in 'npm dedupe'
      • fix(shrinkwrap): always set name on the root node

  • 7.20.5 - 2021-08-05

    v7.20.5 (2021-08-05)

    DEPENDENCIES

    • 44377738e graceful-fs@4.2.8
      • fix: start retrying immediately, stop after 60 seconds
  • 7.20.4 - 2021-08-05

    v7.20.4 (2021-08-05)

    DEPENDENCIES

    • 15fae4941 tar@6.1.6:
      • fix: properly handle top-level files when using strip
      • Avoid an unlikely but theoretically possible redos
      • WriteEntry backpressure
      • fix(unpack): always resume parsing after an entry error
      • fix(unpack): fix hang on large file on open() fail
      • fix: properly prefix hard links
    • 745326de0 libnpmexec@2.0.1:
      • Clear progress bar which overlays confirm prompt
    • e82bcd4e8 graceful-fs@4.2.7:
      • fix: start retrying immediately, stop after 10 attempts
  • 7.20.3 - 2021-07-29

    v7.20.3 (2021-07-29)

    DEPENDENCIES

    • 97cb5ec31 @npmcli/arborist@2.8.0:
      • Refactor ideal tree building to handle more complicated
        peerDependencies use cases.
      • Do not modify ideal tree while checking if a peerSet can be placed.
    • 7db1a0a26 chore(deps): mime-types@1.49.0 mime-db@1.49.0
  • 7.20.2 - 2021-07-27

    v7.20.2 (2021-07-27)

    DEPENDENCIES

    • f5aab1f88 tar@6.1.1
      • fix: strip absolute paths more comprehensively
    • ce8fb0f69 tar@6.1.2
      • fix: Remove paths from dirCache when no longer dirs
    • ced85087a gauge@3.0.1
      • add missing dependency to package.json
  • 7.20.1 - 2021-07-22
  • 7.20.0 - 2021-07-15

    v7.20.0 (2021-07-15)

    DEPENDENCIES

    • 691816f3d @npmcli/arborist@2.7.1
      • fixes running prepare scripts for workspaces on reify
      • ensure pacote always compares correct integrity values
    • b9597e944 make-fetch-happen@9.0.4
      • fix: retry socket timeout failures
      • fix: clean up invalid indexes and content after cacache read errors
    • f573e7c56 minipass-fetch@1.3.4
      • fix: correctly handle error events that happen after response events
    • 2d5797ea0 pacote@11.3.5
      • fix: show more actionable messages for git pathspec errors
      • fix: include all dep types when building for prepare
      • fix: do not set mtime when unpacking
  • 7.19.1 - 2021-07-01
  • 7.19.0 - 2021-06-24
  • 7.18.1 - 2021-06-17
  • 7.18.0 - 2021-06-17
  • 7.17.0 - 2021-06-10
  • 7.16.0 - 2021-06-03
  • 7.15.1 - 2021-05-31
  • 7.15.0 - 2021-05-27
  • 7.14.0 - 2021-05-20
  • 7.13.0 - 2021-05-13
  • 7.12.1 - 2021-05-10
  • 7.12.0 - 2021-05-06
  • 7.11.2 - 2021-04-29
  • 7.11.1 - 2021-04-23
  • 7.11.0 - 2021-04-23
  • 7.10.0 - 2021-04-15
  • 7.9.0 - 2021-04-08
  • 7.8.0 - 2021-04-01
  • 7.7.6 - 2021-03-29
  • 7.7.5 - 2021-03-25
  • 7.7.4 - 2021-03-24
  • 7.7.3 - 2021-03-24
  • 7.7.2 - 2021-03-24
  • 7.7.1 - 2021-03-24
  • 7.7.0 - 2021-03-23
  • 7.6.3 - 2021-03-11
  • 7.6.2 - 2021-03-09
  • 7.6.1 - 2021-03-04
  • 7.6.0 - 2021-02-25
  • 7.5.6 - 2021-02-22
  • 7.5.5 - 2021-02-22
  • 7.5.4 - 2021-02-12
  • 7.5.3 - 2021-02-08
  • 7.5.2 - 2021-02-02
  • 7.5.1 - 2021-02-01
  • 7.5.0 - 2021-01-28
  • 7.4.3 - 2021-01-21
  • 7.4.2 - 2021-01-15
  • 7.4.1 - 2021-01-14
  • 7.4.0 - 2021-01-07
  • 7.3.0 - 2020-12-18
  • 7.2.0 - 2020-12-15
  • 7.1.2 - 2020-12-11
  • 7.1.1 - 2020-12-09
  • 7.1.0 - 2020-12-04
  • 7.0.15 - 2020-11-27
  • 7.0.14 - 2020-11-23
  • 7.0.13 - 2020-11-20
  • 7.0.12 - 2020-11-17
  • 7.0.11 - 2020-11-13
  • 7.0.10 - 2020-11-10
  • 7.0.9 - 2020-11-06
  • 7.0.8 - 2020-11-03
  • 7.0.7 - 2020-10-30
  • 7.0.6 - 2020-10-27
  • 7.0.5 - 2020-10-23
  • 7.0.4 - 2020-10-23
  • 7.0.3 - 2020-10-20
  • 7.0.2 - 2020-10-16
  • 7.0.1 - 2020-10-15
  • 7.0.0 - 2020-10-13
  • 7.0.0-rc.4 - 2020-10-09
  • 7.0.0-rc.3 - 2020-10-06
  • 7.0.0-rc.2 - 2020-10-02
  • 7.0.0-rc.1 - 2020-10-02
  • 7.0.0-rc.0 - 2020-10-01
  • 7.0.0-beta.13 - 2020-09-29
  • 7.0.0-beta.12 - 2020-09-22
  • 7.0.0-beta.11 - 2020-09-16
  • 7.0.0-beta.10 - 2020-09-08
  • 7.0.0-beta.9 - 2020-09-04
  • 7.0.0-beta.8 - 2020-09-01
  • 7.0.0-beta.7 - 2020-08-25
  • 7.0.0-beta.6 - 2020-08-21
  • 7.0.0-beta.5 - 2020-08-18
  • 7.0.0-beta.4 - 2020-08-11
  • 7.0.0-beta.3 - 2020-08-10
  • 7.0.0-beta.2 - 2020-08-07
  • 7.0.0-beta.1 - 2020-08-05
  • 7.0.0-beta.0 - 2020-08-04
  • 6.14.18 - 2022-12-21
  • 6.14.17 - 2022-04-28
  • 6.14.16 - 2022-01-19
  • 6.14.15 - 2021-08-24
  • 6.14.14 - 2021-07-27
  • 6.14.13 - 2021-04-12
  • 6.14.12 - 2021-03-25
  • 6.14.11 - 2021-01-08
  • 6.14.10 - 2020-12-18
  • 6.14.9 - 2020-11-20
  • 6.14.8 - 2020-08-17
  • 6.14.7 - 2020-07-21
  • 6.14.6 - 2020-07-07
  • 6.14.5 - 2020-05-04
  • 6.14.4 - 2020-03-25
  • 6.14.3 - 2020-03-19
  • 6.14.2 - 2020-03-03
  • 6.14.1 - 2020-02-27
  • 6.14.0 - 2020-02-25
  • 6.13.7 - 2020-01-28
  • 6.13.6 - 2020-01-09
  • 6.13.5 - 2020-01-09
  • 6.13.4 - 2019-12-11
  • 6.13.3 - 2019-12-10
  • 6.13.2 - 2019-12-03
  • 6.13.1 - 2019-11-18
  • 6.13.0 - 2019-11-05
  • 6.12.1 - 2019-10-29
  • 6.12.0 - 2019-10-08
  • 6.12.0-next.0 - 2019-09-26
  • 6.11.3 - 2019-09-03
  • 6.11.2 - 2019-08-22
  • 6.11.1 - 2019-08-21
  • 6.11.0 - 2019-08-20
  • 6.10.3 - 2019-08-06
  • 6.10.2 - 2019-07-23
  • 6.10.2-next.3 - 2019-07-22
  • 6.10.2-next.2 - 2019-07-21
  • 6.10.2-next.1 - 2019-07-17
  • 6.10.2-next.0 - 2019-07-16
  • 6.10.1 - 2019-07-11
  • 6.10.1-next.2 - 2019-07-10
  • 6.10.1-next.1 - 2019-07-03
  • 6.10.1-next.0 - 2019-07-03
  • 6.10.0 - 2019-07-03
  • 6.10.0-next.0 - 2019-07-01
  • 6.9.2 - 2019-06-27
  • 6.9.1-next.0 - 2019-03-20
  • 6.9.0 - 2019-03-06
  • 6.9.0-next.0 - 2019-02-21
  • 6.8.0 - 2019-02-13
  • 6.8.0-next.2 - 2019-02-07
  • 6.8.0-next.1 - 2019-02-06
  • 6.8.0-next.0 - 2019-01-31
  • 6.7.0 - 2019-01-23
  • 6.6.0 - 2019-01-17
  • 6.6.0-next.1 - 2019-01-10
  • 6.6.0-next.0 - 2018-12-12
  • 6.5.0 - 2018-12-10
  • 6.5.0-next.0 - 2018-11-28
  • 6.4.1 - 2018-08-29
  • 6.4.1-next.0 - 2018-08-23
  • 6.4.0 - 2018-08-15
  • 6.4.0-next.0 - 2018-08-09
  • 6.3.0 - 2018-08-02
  • 6.3.0-next.0 - 2018-07-25
  • 6.2.0 - 2018-07-14
  • 6.2.0-next.1 - 2018-07-05
  • 6.2.0-next.0 - 2018-06-29
  • 6.1.0 - 2018-05-24
  • 6.1.0-next.0 - 2018-05-17
  • 6.0.1 - 2018-05-10
  • 6.0.1-next.0 - 2018-05-04
  • 6.0.0 - 2018-04-24
  • 6.0.0-next.2 - 2018-04-21
  • 6.0.0-next.1 - 2018-04-13
  • 6.0.0-next.0 - 2018-03-23
  • 5.10.0 - 2018-05-11
  • 5.10.0-next.1 - 2018-05-07
  • 5.10.0-next.0 - 2018-04-13
  • 5.9.0-next.0 - 2018-03-23
  • 5.8.0 - 2018-03-23
  • 5.8.0-next.0 - 2018-03-13
  • 5.7.1 - 2018-02-22
  • 5.7.0 - 2018-02-21
  • 5.6.0 - 2017-11-28
from npm GitHub release notes

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

…ft/message-board/message-board-web/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
2 participants