Old npm version has security vulnerabilities - update to ~> v7.0.0 

This package is running a really old version of npm (`2.15.12` while current is `7.24.0`), which has a known security vulnerability in its dependencies. 

One of my projects received a dependabot security warning about `tar` package versions below `4.4.16`. This package is currently using `tar 2.2.1` through the `npm` package. 

![image](https://user-images.githubusercontent.com/46336564/134235285-d91ac0c3-3353-4806-aaf2-ca82fc9d1881.png)

I tracked the minimum npm version required to plug this security hole: v7.0.0
- node-gyp needs to be at least v7.0.0 to pull in [this commit](https://github.com/nodejs/node-gyp/commit/d45438a047a30b6c6993553459e4544e810bb3f5) which upgrades the `tar` version to `~> 4.4.16`.
- npm removes the outdated `node-gyp` dependency and has a secure `tar` version in [this commit](https://github.com/npm/cli/commit/e46400c9484f5c66a0ba405eeb8c1340594dbf05#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519), which is part of the `v7.0.0` release: https://github.com/npm/cli/blob/v7.0.0/package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Old npm version has security vulnerabilities - update to ~> v7.0.0 #120

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Old npm version has security vulnerabilities - update to ~> v7.0.0 #120

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions