
[Snyk] Security upgrade npm from 10.9.5 to 11.6.4#7082

Closed
randi274 wants to merge 1 commit into develop from
snyk-fix-b97e58b1b4727f376b31a576d8bc162a

Conversation

@randi274 (Contributor)


Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue                                              Score
Infinite loop (high severity)                      641
SNYK-JS-BRACEEXPANSION-15789759

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@randi274 (Contributor, Author)

Merge Risk: High

This major version upgrade from npm v10 to v11 introduces several significant breaking changes that will likely require action, particularly for package publishing workflows and environment setup.

Key Breaking Changes:

  • Node.js Version Requirement: npm v11 requires Node.js version ^20.17.0 or >=22.9.0. Environments running older Node.js versions must be upgraded.
  • Publishing Pre-releases: When publishing a package with a pre-release version (e.g., 1.0.0-beta.1), you must now explicitly provide a distribution tag (e.g., npm publish --tag next). Automatic tagging with latest for pre-releases is no longer supported.
  • npm hook Command Removed: The npm hook command, used for managing webhooks, has been completely removed.
  • Stricter latest Tag Behavior: When publishing, npm now verifies that the new version is semantically higher than the current latest version in the registry before applying the latest tag. This helps prevent accidental downgrades.
  • --ignore-scripts Scope Expanded: The --ignore-scripts flag now applies to all lifecycle scripts, including the prepare script.

Recommendation:
Before upgrading, verify that your Node.js version meets the new requirements. Review any package publishing scripts to ensure they explicitly set tags for pre-release versions and account for the stricter latest tag logic. If you were using npm hook, you will need to find an alternative method for managing registry hooks.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
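The comment above lists the npm 11 publishing rules as prose. As an added example (not Snyk's or npm's own code, and not part of this PR), the script below turns three of them into local pre-publish checks: the Node.js engines range `^20.17.0 || >=22.9.0`, the rule that a pre-release version needs an explicit `--tag`, and the check that a version is above the current `latest` before it can take that tag. Function names are the example's own; the current `latest` version is passed in by the caller (it would come from `npm view <pkg> version` in CI) so the script itself runs offline, and all inputs in the demo are constructed. Pre-release precedence in the comparison (1.0.0-rc.1 sorting below 1.0.0) is deliberately not modelled, since pre-releases are handled before the comparison is reached.

```shell
#!/bin/sh
# Added example, not Snyk's or npm's own code: local pre-publish checks that
# mirror the npm 11 rules listed in the comment above. Pure POSIX sh with no
# registry access; every input below is constructed. Assumption: versions are
# semver "MAJOR.MINOR.PATCH[-prerelease][+build]", optionally prefixed "v".

# is_prerelease VERSION -> status 0 when VERSION carries a pre-release suffix
is_prerelease() {
    case "$1" in
        *-*) return 0 ;;
        *)   return 1 ;;
    esac
}

# semver_core VERSION -> prints MAJOR.MINOR.PATCH, dropping a leading "v",
# the pre-release suffix and build metadata
semver_core() {
    printf '%s\n' "$1" | sed -e 's/^v//' -e 's/[-+].*$//'
}

# semver_gt A B -> status 0 when A's core version is strictly above B's.
# Simplification: pre-release precedence (1.0.0-rc.1 < 1.0.0) is not modelled;
# publish_plan deals with pre-releases before calling this.
semver_gt() {
    a=$(semver_core "$1" | tr . ' '); b=$(semver_core "$2" | tr . ' ')
    set -- $a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    [ "$a1" -gt "$b1" ] && return 0
    [ "$a1" -lt "$b1" ] && return 1
    [ "$a2" -gt "$b2" ] && return 0
    [ "$a2" -lt "$b2" ] && return 1
    [ "$a3" -gt "$b3" ]
}

# semver_ge A B -> status 0 when A is above or equal to B (core versions)
semver_ge() {
    semver_gt "$1" "$2" || [ "$(semver_core "$1")" = "$(semver_core "$2")" ]
}

# node_ok_for_npm11 NODE_VERSION -> status 0 when the version satisfies the
# npm 11 engines range "^20.17.0 || >=22.9.0" (note that 21.x is rejected)
node_ok_for_npm11() {
    v=$(semver_core "$1")
    major=${v%%.*}
    case "$major" in
        20) semver_ge "$v" "20.17.0" ;;
        *)  [ "$major" -ge 22 ] 2>/dev/null && semver_ge "$v" "22.9.0" ;;
    esac
}

# publish_plan VERSION CURRENT_LATEST [TAG]
# Prints the publish invocation that is safe under the npm 11 rules, or an
# explanation on stderr with status 1 when the publish should not go ahead.
# CURRENT_LATEST is supplied by the caller (e.g. from `npm view <pkg> version`)
# so this function stays offline.
publish_plan() {
    version=$1; latest=$2; tag=${3:-}
    if [ -n "$tag" ]; then
        printf 'npm publish --tag %s\n' "$tag"
        return 0
    fi
    if is_prerelease "$version"; then
        printf 'refuse: %s is a pre-release; npm 11 needs an explicit --tag (e.g. --tag next)\n' "$version" >&2
        return 1
    fi
    if semver_gt "$version" "$latest"; then
        printf 'npm publish\n'   # above latest, so the latest tag will be applied
        return 0
    fi
    # Conservative choice of this example: never publish a version at or below
    # latest without an explicit tag, rather than rely on npm refusing it.
    printf 'refuse: %s is not above current latest %s; pass an explicit --tag\n' "$version" "$latest" >&2
    return 1
}

# Demo on constructed inputs; in CI feed `node --version` and the real
# `npm view` result instead.
if node_ok_for_npm11 "v20.16.0"; then echo "v20.16.0: ok for npm 11"; else echo "v20.16.0: too old for npm 11"; fi
for v in 11.6.4 2.0.0-rc.1 1.4.2; do
    publish_plan "$v" 1.4.2 || true
done
```

One practical point for this particular PR: the first comment warns that Snyk could not update package-lock.json. A lockfile that lags package.json is exactly what `npm ci` refuses to install, so regenerate it locally with `npm install --package-lock-only`, commit the result alongside package.json, and confirm `npm ci` succeeds on a Node.js version that passes the engines check before merging.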

@randi274 randi274 requested a review from a team as a code owner March 27, 2026 11:36
@randi274 randi274 requested a review from peternhale March 27, 2026 11:36


3 participants