fix(npm-audit): ensure message is a string before trimming for deprecation title (#6554)

Signed-off-by: Johannes Will <[email protected]>

Author: JohannesWill

.yarn/versions/e8aaefb7.yml

@@ -0,0 +1,23 @@
+releases:
+  "@yarnpkg/cli": patch
+  "@yarnpkg/plugin-npm-cli": patch
+
+declined:
+  - "@yarnpkg/plugin-compat"
+  - "@yarnpkg/plugin-constraints"
+  - "@yarnpkg/plugin-dlx"
+  - "@yarnpkg/plugin-essentials"
+  - "@yarnpkg/plugin-init"
+  - "@yarnpkg/plugin-interactive-tools"
+  - "@yarnpkg/plugin-nm"
+  - "@yarnpkg/plugin-pack"
+  - "@yarnpkg/plugin-patch"
+  - "@yarnpkg/plugin-pnp"
+  - "@yarnpkg/plugin-pnpm"
+  - "@yarnpkg/plugin-stage"
+  - "@yarnpkg/plugin-typescript"
+  - "@yarnpkg/plugin-version"
+  - "@yarnpkg/plugin-workspace-tools"
+  - "@yarnpkg/builder"
+  - "@yarnpkg/core"
+  - "@yarnpkg/doctor"

packages/plugin-npm-cli/sources/commands/npm/audit.ts

@@ -161,7 +161,7 @@ export default class NpmAuditCommand extends BaseCommand {
         auditResult[packageName] ??= [];
         auditResult[packageName].push({
           id: `${packageName} (deprecation)`,
-          title: message.trim() || `This package has been deprecated.`,
+          title: (typeof message === `string` ? message : ``).trim() || `This package has been deprecated.`,
           severity: npmAuditTypes.Severity.Moderate,
           vulnerable_versions: version,
         });