
[Snyk] Security upgrade npm from 3.10.10 to 7.21.0#33

Open
lmaeda wants to merge 1 commit into master from snyk-fix-d60465da70de40d3a321e44108fa7208

Conversation


@lmaeda lmaeda commented Mar 12, 2026


Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json

Vulnerabilities that will be fixed with an upgrade:

Issue: Symlink Attack (high severity), SNYK-JS-TAR-15456201
Score: 118

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15456201

lmaeda commented Mar 12, 2026

Merge Risk: High

This is a major upgrade from npm v3 to v7, which introduces a significant number of breaking changes across multiple major versions (v4, v5, v6, v7).

Key Breaking Changes:

  • package-lock.json: npm v5 introduced the package-lock.json file to ensure deterministic installs. npm v7 introduces a new, more robust lockfile format (v2) which is not backward-compatible. Running npm install with v7 will automatically upgrade your lockfile.
  • Automatic peerDependencies Installation: Starting with npm v7, peerDependencies are installed automatically. This is a major change from previous versions where they were only warned about, and it can lead to installation failures if conflicts are found. You can use the --legacy-peer-deps flag to revert to the old behavior.
  • npm audit: Introduced in v6, the npm audit command performs security audits of your dependencies. The output format changed significantly in v7.
  • npm ci: Introduced in v5.7, npm ci provides a command for clean, consistent installs from the lockfile, which is ideal for continuous integration environments.
  • Workspaces: npm v7 introduced native support for managing multiple packages within a single top-level root package (monorepos).
  • npx Rewrite: npx was completely rewritten in v7 to use the npm exec command, which changes some of its behaviors, such as prompting before installing a package that is not yet installed.

Recommendation:

This upgrade requires careful testing. It is highly recommended to:

  1. Delete your existing node_modules directory and any old npm-shrinkwrap.json file.
  2. Run npm install to generate a new package-lock.json file in the v2 format.
  3. Thoroughly test your application, paying close attention to any new errors related to peer dependency conflicts.
  4. Update your CI/CD scripts to leverage npm ci for faster and more reliable builds.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
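The lockfile regeneration described in the recommendation above, as an added example that is not part of the Snyk PR or of the repository it targets: it reads the lockfileVersion of a package-lock.json, reports whether the file still predates the npm v7 format, and wraps the clean-and-reinstall steps so they refuse to continue if npm did not produce a v2 lockfile. It assumes only npm, grep, sed and head on PATH; the sample lockfiles written by write_sample_lockfile are constructed for the checks and are not real project data.

```bash
# Print the lockfileVersion of a lockfile. Prints 0 when the file is missing
# and treats an absent field as the old v1 format (the case for pre-v7 lockfiles).
lockfile_version() {
  lockfile="${1:-package-lock.json}"
  if [ ! -f "$lockfile" ]; then
    echo 0
    return 0
  fi
  v=$(grep -oE '"lockfileVersion"[[:space:]]*:[[:space:]]*[0-9]+' "$lockfile" \
      | sed -E 's/.*:[[:space:]]*//' | head -n 1)
  echo "${v:-1}"
}

# True (exit 0) when the lockfile must be regenerated before npm v7 is used.
needs_v2_lockfile() {
  [ "$(lockfile_version "${1:-package-lock.json}")" -lt 2 ]
}

# Steps 1-2 of the recommendation: drop old install state, let npm v7 rewrite
# the lockfile, and stop if the result is still not lockfileVersion 2.
# Step 4 (npm ci) then installs strictly from the new lockfile, as CI should.
regenerate_lockfile() {
  rm -rf node_modules npm-shrinkwrap.json
  npm install            # npm v7 upgrades package-lock.json to lockfileVersion 2
  if needs_v2_lockfile package-lock.json; then
    echo "package-lock.json is still lockfileVersion $(lockfile_version)" >&2
    return 1
  fi
  npm ci                 # clean install from the regenerated lockfile
}

# Constructed minimal lockfile used to exercise the checks (not real project data).
# Usage: write_sample_lockfile <path> <lockfileVersion>
write_sample_lockfile() {
  printf '{\n  "name": "sample",\n  "lockfileVersion": %s,\n  "requires": true\n}\n' \
    "$2" > "$1"
}
```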

