[Snyk] Security upgrade atom-package-manager from 2.4.3 to 2.5.0

[HelloKittyHacker]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • apm/package.json
  • apm/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-NPM-537603	No	Proof of Concept
	451/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 2.6	Unauthorized File Access SNYK-JS-NPM-537604	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Write SNYK-JS-NPM-537606	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: atom-package-manager

The new version differs by 34 commits.

• adb72dc 2.5.0
• 498562d Merge pull request Mini editor text placement is too high atom/atom#887 from DeeDeeG/upgrade-node-gyp-with-fixes
• e2efbd5 CI: Update Node from 10.2.1 to 10.20.1
• fff0890 install-spec: Delete 'with a space' after test
• 7a29a08 🔥 fake-python-[1,2].sh
• ed6e03d install-spec: Delete "configurable python" tests
• 77227d8 spec: Update node tarball/libs to v10.20.1
• 208d982 BUNDLED_NODE_VERSION: Bump bundled Node to v10.20.1
• dead3c3 install_spec.coffee: Use deduped node-gyp path
• 97b05cd package-lock: Restore missing dependencies
• fe6c3ce package-lock.json: Fix misformed URL
• 6765c77 Okay still npm install
• 03a0f2e Upgrade npm first
• cc33759 Well that didn't help
• 019d816 Actually rename the npm task
• a0a2e01 No matrix
• 4dae606 Let's see if the dedupe is messing it up
• 3078e03 "prepublish" step is deprecated
• 45c9d91 back to npm install I guess?
• 71f50cd ⬆️ npm
• 0549175 Merge branch 'master' of github.com:atom/apm into upgrade-node-gyp
• 707cd2a commited package-lock
• 49a1372 Merge branch 'master' of https://github.com/atom/apm
• 5332714 ⬆️ git-utils@5.6.2 and apm@2.4.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary File Overwrite
🦉 Insertion of Sensitive Information into Log File
🦉 Regular Expression Denial of Service (ReDoS)