[Snyk] Upgrade atom-package-manager from 2.4.3 to 2.5.0

[snyk-bot]

Snyk has created this PR to upgrade atom-package-manager from 2.4.3 to 2.5.0.

✨What is Merge Advice?

We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released 15 days ago, on 2020-05-06.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Prototype Pollution npm:extend:20180424	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-174125	No Known Exploit
	Arbitrary File Write SNYK-JS-NPM-537606	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-NPM-537603	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	No Known Exploit
	Arbitrary File Write SNYK-JS-BINLINKS-537610	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-BINLINKS-537608	Proof of Concept
	Denial of Service (DoS) npm:mem:20180117	No Known Exploit
	Prototype Pollution npm:hoek:20180212	No Known Exploit
	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	Proof of Concept
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	Unauthorized File Access SNYK-JS-NPM-537604	Proof of Concept
	Unauthorized File Access SNYK-JS-BINLINKS-537609	Proof of Concept

Release notes

Package name: atom-package-manager

• 2.5.0 - 2020-05-06
  

  2.5.0

• 2.4.5 - 2019-11-27
  

  releasing v2.4.5

• 2.4.4 - 2019-11-26
  

  Releasing version v2.4.4

• 2.4.3 - 2019-08-16
  

  2.4.3

from atom-package-manager GitHub release notes

Commit messages

Package name: atom-package-manager

• adb72dc 2.5.0
• 498562d Merge pull request Mini editor text placement is too high atom/atom#887 from DeeDeeG/upgrade-node-gyp-with-fixes
• e2efbd5 CI: Update Node from 10.2.1 to 10.20.1
• fff0890 install-spec: Delete 'with a space' after test
• 7a29a08 🔥 fake-python-[1,2].sh
• ed6e03d install-spec: Delete "configurable python" tests
• 77227d8 spec: Update node tarball/libs to v10.20.1
• 208d982 BUNDLED_NODE_VERSION: Bump bundled Node to v10.20.1
• dead3c3 install_spec.coffee: Use deduped node-gyp path
• 97b05cd package-lock: Restore missing dependencies
• fe6c3ce package-lock.json: Fix misformed URL
• 6765c77 Okay still npm install
• 03a0f2e Upgrade npm first
• cc33759 Well that didn't help
• 019d816 Actually rename the npm task
• a0a2e01 No matrix
• 4dae606 Let's see if the dedupe is messing it up
• 3078e03 "prepublish" step is deprecated
• 45c9d91 back to npm install I guess?
• 71f50cd ⬆️ npm
• 0549175 Merge branch 'master' of github.com:atom/apm into upgrade-node-gyp
• 707cd2a commited package-lock
• 49a1372 Merge branch 'master' of https://github.com/atom/apm
• 5332714 ⬆️ git-utils@5.6.2 and apm@2.4.5

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs