chore(deps): bump the dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the dependencies group with 8 updates in the / directory:

Package	From	To
@nodesecure/js-x-ray	7.3.0	8.0.0
pacote	18.0.6	21.0.0
semver	7.6.3	7.7.1
@npmcli/arborist	7.5.4	9.0.0
itertools	2.3.2	2.4.0
npm-pick-manifest	9.1.0	10.0.0
cacache	18.0.4	19.0.1
type-fest	4.24.0	4.35.0

Updates @nodesecure/js-x-ray from 7.3.0 to 8.0.0

Release notes

Sourced from @​nodesecure/js-x-ray's releases.

v8.0.0

What's Changed

• chore(deps): bump meriyah from 4.5.0 to 5.0.0 in the dependencies group by @​dependabot in NodeSecure/js-x-ray#285
• chore(deps-dev): bump @​types/node from 20.14.13 to 22.0.0 in the development-dependencies group by @​dependabot in NodeSecure/js-x-ray#286
• fix: type issues in api.d.ts by @​fraxken in NodeSecure/js-x-ray#287
• chore(deps): bump the github-actions group with 5 updates by @​dependabot in NodeSecure/js-x-ray#288
• chore(deps): bump @​typescript-eslint/typescript-estree from 7.18.0 to 8.0.0 in the dependencies group by @​dependabot in NodeSecure/js-x-ray#289
• fix(EntryFilesAnalyser): add missing options and patch some minors issues by @​fraxken in NodeSecure/js-x-ray#291
• refactor: fix deprecation in tests & update eslint by @​fraxken in NodeSecure/js-x-ray#292
• feat(EntryFilesAnalyser): implement digraph-js by @​fraxken in NodeSecure/js-x-ray#293
• feat: trace process.getBuiltinModule by @​fraxken in NodeSecure/js-x-ray#294
• fix(Deobfuscator): return if Node is null in extractCounterIdentifiers by @​fraxken in NodeSecure/js-x-ray#296
• Prepare major 8 by @​fraxken in NodeSecure/js-x-ray#297

Full Changelog: NodeSecure/js-x-ray@v7.3.0...v8.0.0

Commits

• f117a38 8.0.0
• 5fc112f chore(js-x-ray): update estree-ast-utils to v1.5.0
• d324907 chore(estree-ast-utils): v1.5.0
• 1fb55a9 Merge pull request #297 from NodeSecure/prepare-major-8
• 32e71b3 refactor: unset experimental for shady-link, suspicious-file and weak-crypto
• 68dae0a chore: cleanup docs API & d.ts
• 9990244 refactor!: remove legacy runASTAnalysis and runASTAnalysisOnFile APIs
• 81e44c5 fix(Deobfuscator): return if Node is null in extractCounterIdentifiers (#296)
• b69ced9 feat: trace process.getBuiltinModule (#294)
• 6c6279c feat(EntryFilesAnalyser): implement digraph-js (#293)
• Additional commits viewable in compare view

Updates pacote from 18.0.6 to 21.0.0

Release notes

Sourced from pacote's releases.

v21.0.0

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

• bun.lockb files are now included in the strict ignore list during packing
• this module is now compatible with the following node versions: ^20.17.0 || >=22.9.0

Bug Fixes

• 844dc08 update node engines to ^20.17.0 || >=22.9.0 (#414) (@​wraithgar)

Dependencies

• 2cb6fa7 #415 npm-packlist@10.0.0 (#415)
• 47b928c #412 replace node builtin rmSync with rimraf (#412) (@​mbtools)

Chores

• b6f35a2 #402 bump @​npmcli/arborist from 7.5.4 to 8.0.0 (#402) (@​dependabot[bot])
• 1ef54ba #408 support tests on win32 (#408) (@​mbtools)
• 555b000 #401 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#401) (@​dependabot[bot], @​npm-cli-bot)

v20.0.0

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

• honors ignoreScripts property within options

Bug Fixes

• f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@​reggi)

v19.0.1

19.0.1 (2024-10-15)

Bug Fixes

• cbf94e8 #389 prepare script respects scriptshell config (#389) (@​milaninfy)
• 2b2948f #403 log tarball retrieval from cache (#403) (@​mbtools, @​wraithgar)

Dependencies

• a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@​bdehamer)

v19.0.0

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

• pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 03b31ca #392 align to npm 10 node engine range (@​reggi)

Dependencies

• f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@​dependabot[bot])
• 932b9ab #396 bump @​npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@​dependabot[bot])
• a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@​dependabot[bot])
• c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@​dependabot[bot])
• 6d59022 #399 bump @​npmcli/git from 5.0.8 to 6.0.0 (#399)
• 21ea2d4 #400 bump @​npmcli/run-script from 8.1.0 to 9.0.0 (#400)
• eddbc01 #392 ssri@12.0.0
• 6c672e9 #392 proc-log@5.0.0
• 03ba2a2 #392 npm-packlist@9.0.0
• 2710286 #392 npm-package-arg@12.0.0
• aa0bd4a #392 @npmcli/promise-spawn@8.0.0
• df23343 #392 @npmcli/installed-package-contents@3.0.0

Chores

... (truncated)

Changelog

Sourced from pacote's changelog.

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

• bun.lockb files are now included in the strict ignore list during packing
• this module is now compatible with the following node versions: ^20.17.0 || >=22.9.0

Bug Fixes

• 844dc08 update node engines to ^20.17.0 || >=22.9.0 (#414) (@​wraithgar)

Dependencies

• 2cb6fa7 #415 npm-packlist@10.0.0 (#415)
• 47b928c #412 replace node builtin rmSync with rimraf (#412) (@​mbtools)

Chores

• b6f35a2 #402 bump @​npmcli/arborist from 7.5.4 to 8.0.0 (#402) (@​dependabot[bot])
• 1ef54ba #408 support tests on win32 (#408) (@​mbtools)
• 555b000 #401 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#401) (@​dependabot[bot], @​npm-cli-bot)

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

• honors ignoreScripts property within options

Bug Fixes

• f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@​reggi)

19.0.1 (2024-10-15)

Bug Fixes

• cbf94e8 #389 prepare script respects scriptshell config (#389) (@​milaninfy)
• 2b2948f #403 log tarball retrieval from cache (#403) (@​mbtools, @​wraithgar)

Dependencies

• a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@​bdehamer)

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

• pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 03b31ca #392 align to npm 10 node engine range (@​reggi)

Dependencies

• f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@​dependabot[bot])
• 932b9ab #396 bump @​npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@​dependabot[bot])
• a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@​dependabot[bot])
• c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@​dependabot[bot])
• 6d59022 #399 bump @​npmcli/git from 5.0.8 to 6.0.0 (#399)
• 21ea2d4 #400 bump @​npmcli/run-script from 8.1.0 to 9.0.0 (#400)
• eddbc01 #392 ssri@12.0.0
• 6c672e9 #392 proc-log@5.0.0
• 03ba2a2 #392 npm-packlist@9.0.0
• 2710286 #392 npm-package-arg@12.0.0
• aa0bd4a #392 @npmcli/promise-spawn@8.0.0
• df23343 #392 @npmcli/installed-package-contents@3.0.0

Chores

• e4ed5cd #392 bump hosted-git-info ^7.0.0 to ^8.0.0 (@​reggi)
• 2871f56 #392 run template-oss-apply (@​reggi)
• 39643f1 #382 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 7e33c82 #383 postinstall for dependabot template-oss PR (@​hashtagchris)

... (truncated)

Commits

• bf1f60f chore: release 21.0.0 (#413)
• 2cb6fa7 deps!: npm-packlist@10.0.0 (#415)
• b6f35a2 chore: bump @​npmcli/arborist from 7.5.4 to 8.0.0 (#402)
• 844dc08 fix!: update node engines to ^20.17.0 || >=22.9.0 (#414)
• 555b000 chore: bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#401)
• 47b928c deps: replace node builtin rmSync with rimraf (#412)
• 1ef54ba chore: support tests on win32 (#408)
• d606b58 chore: release 20.0.0 (#410)
• f27af63 fix!: honors ignoreScripts option to prevent prepare lifecycle script
• a854c79 chore: release 19.0.1 (#406)
• Additional commits viewable in compare view

Updates semver from 7.6.3 to 7.7.1

Release notes

Sourced from semver's releases.

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

Changelog

Sourced from semver's changelog.

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

Commits

• 30c438b chore: release 7.7.1 (#765)
• af761c0 fix(inc): fully capture prerelease identifier (#764)
• 2cfcbb5 chore: release 7.7.0 (#750)
• d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
• 753e02b chore: bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747)
• 8a34bde fix: add identifier validation to inc() (#754)
• 0864b3c feat: add "release" inc type (#753)
• 67e5478 docs(readme): added missing period for consistency (#756)
• 868d4bb docs: clarify comment about obsolete prefixes (#749)
• 145c554 chore: bump @​npmcli/eslint-config from 4.0.5 to 5.0.0
• Additional commits viewable in compare view

Updates @npmcli/arborist from 7.5.4 to 9.0.0

Release notes

Sourced from @​npmcli/arborist's releases.

config: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

• @npmcli/config now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• f846ad3 #7803 align @​npmcli/config to npm 10 node engine range (@​reggi)

Dependencies

• f6909a0 #7803 update proc-log@5.0.0
• 105fa2b #7803 update nopt@8.0.0
• f54b155 #7803 update ini@5.0.0
• 2076368 #7803 update @npmcli/package-json@6.0.1
• feac87c #7803 update @npmcli/map-workspaces@4.0.1

Chores

• 2072705 #7803 update @npmcli/eslint-config@5.0.1 (@​reggi)
• 8035725 #7756 @npmcli/template-oss@4.23.3 (@​wraithgar)

libnpmaccess: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

• libnpmaccess now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 73068d6 #7803 align libnpmaccess to npm 10 node engine range (@​reggi)

Dependencies

• d13a20b #7803 update npm-registry-fetch@18.0.1
• 50a7bc8 #7803 update npm-package-arg@12.0.0

Chores

• 2072705 #7803 update @npmcli/eslint-config@5.0.1 (@​reggi)
• 8035725 #7756 @npmcli/template-oss@4.23.3 (@​wraithgar)

libnpmexec: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

• libnpmexec now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• a2c8016 #7803 align libnpmexec to npm 10 node engine range (@​reggi)

Dependencies

• 99ccae3 #7803 update bin-links@5.0.0
• 9cd6603 #7803 update read-package-json-fast@4.0.0
• 8b7dbc8 #7803 update read@4.0.0
• f6909a0 #7803 update proc-log@5.0.0
• e7ab206 #7803 update pacote@19.0.0
• 50a7bc8 #7803 update npm-package-arg@12.0.0
• 538a4cc #7803 update @npmcli/run-script@9.0.1

Chores

• 2072705 #7803 update @npmcli/eslint-config@5.0.1 (@​reggi)
• workspace: @npmcli/arborist@8.0.0

arborist: v9.0.0

9.0.0 (2024-12-16)

Features

... (truncated)

Changelog

Sourced from @​npmcli/arborist's changelog.

9.0.0 (2024-12-16)

Features

• a7bfc6d #7972 trigger release process (#7972) (@​wraithgar)

Chores

• a07f4e0 #7976 @npmcli/template-oss@4.23.6 (@​wraithgar)

9.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

• Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.
• bun.lockb files are now included in the strict ignore list during packing

Features

• f3ac7b7 #7939 no implicit latest tag on publish when latest > version (#7939) (@​reggi, @​ljharb)

Dependencies

• c0bcc2a #7955 walk-up-path@4.0.0
• 4bf1901 #7945 @npmcli/metavuln-calculator@9.0.0
• ca84b22 #7945 pacote@21.0.0

9.0.0-pre.0 (2024-11-26)

⚠️ BREAKING CHANGES

• --ignore-scripts now applies to all lifecycle scripts, include prepare
• npm will no longer fall back to the old audit endpoint if the bulk advisory request fails.
• @​npmcli/arborist now supports node ^20.17.0 || >=22.9.0

Features

• 6995303 #7850 adds --ignore-scripts flag to pack (@​reggi)

Bug Fixes

• 080a0f2 #7911 remove old audit fallback request (@​wraithgar)
• 3ffc08b #7831 for @​npmcli/arborist sets node engine range to ^20.17.0 || >=22.9.0 (@​reggi)

Dependencies

• 7dbef6f #7850 pacote@20.0.0
• 75a3f12 #7859 remove unused deps (#7859)

Chores

• 6edfe2f #7937 @npmcli/template-oss@4.23.5 (@​wraithgar)

8.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

• @npmcli/arborist now supports node ^18.17.0 || >=20.5.0

Features

• 4d57928 #7766 devEngines (#7766) (@​reggi)

Bug Fixes

• 365580a #7803 align @​npmcli/arborist to npm 10 node engine range (@​reggi)

Dependencies

• 5795987 #7803 update proggy@3.0.0
• 99ccae3 #7803 update bin-links@5.0.0
• 75786ad #7803 update @npmcli/query@4.0.0
• 1c25a1d #7803 update @npmcli/node-gyp@4.0.0
• 2d7fc3d #7803 update @npmcli/name-from-folder@3.0.0
• 1e09334 #7803 update @npmcli/metavuln-calculator@8.0.0
• 820e983 #7803 update @npmcli/installed-package-contents@3.0.0
• 9cd6603 #7803 update read-package-json-fast@4.0.0
• 8206c4f #7803 update ssri@12.0.0

... (truncated)

Commits

• bc5ec05 chore: release 9.0.0
• 2929899 chore: release 9.0.0-pre.6
• 88137a3 deps: npmlog@7.0.1
• e2e7622 chore: update arborist snapshot from hosted-git-info changes
• 5aa0c2d chore: @​npmcli/template-oss@​4.6.2
• 2008ea6 deps: npm-package-arg@10.0.0, pacote@15.0.2
• 1afe5ba fix: account for new npm-package-arg behavior
• de2d33f feat: add --install-strategy=hoisted|nested|shallow, deprecate --global-style...
• aa01072 deps: update the following dependencies
• 38dc7f6 chore: @​npmcli/template-oss@​4.6.1
• Additional commits viewable in compare view

Updates itertools from 2.3.2 to 2.4.0

Release notes

Sourced from itertools's releases.

v2.4.0

• Add second param index to all predicates. This will make operations like partitioning a list based on the element position as easy as partitioning based on the element value, for example:

  const items = [1, 2, 3, 4, 5, 6, 7, 8, 9];
  const [thirds, rest] = partition(items, (item, index) => index % 3 === 0);
  console.log(thirds); // [1, 4, 7]
  console.log(rest); // [2, 3, 5, 6, 8, 9]

• Officially drop Node 16 support (it may still work)

Changelog

Sourced from itertools's changelog.

[2.4.0] - 2025-02-19

• Add second param index to all predicates. This will make operations like partitioning a list based on the element position as easy as partitioning based on the element value, for example:

  const items = [1, 2, 3, 4, 5, 6, 7, 8, 9];
  const [thirds, rest] = partition(items, (item, index) => index % 3 === 0);
  console.log(thirds); // [1, 4, 7]
  console.log(rest); // [2, 3, 5, 6, 8, 9]

• Officially drop Node 16 support (it may still work)

Commits

• 9b596d0 Release 2.4.0
• 1afd944 Upgrade more dependencies
• 1f6756c Upgrade attw and publint
• 6fcb3e4 Upgrade Vitest to v3 (#1135)
• 1da7add Upgrade to ESLint v9 (#1134)
• 13f51eb Fix TS issues
• 8be0d6d Add type-level tests
• 616b8e7 Make all predicates take an index param
• 6e4bf22 Typo
• e20a680 Upgrade vitest
• Additional commits viewable in compare view

Updates npm-pick-manifest from 9.1.0 to 10.0.0

Release notes

Sourced from npm-pick-manifest's releases.

v10.0.0

10.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

• npm-pick-manifest now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• dd83a53 #145 align to npm 10 node engine range (@​reggi)

Dependencies

• 6b4df8d #145 npm-package-arg@12.0.0
• c2ae5b7 #145 npm-normalize-package-bin@4.0.0
• e948cef #145 npm-install-checks@7.1.0

Chores

• 2e1fdb4 #145 run template-oss-apply (@​reggi)
• 7891f6b #140 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• ae2ffc5 #138 postinstall for dependabot template-oss PR (@​hashtagchris)
• 7744312 #138 bump @​npmcli/template-oss from 4.22.0 to 4.23.3 (@​dependabot[bot])

Changelog

Sourced from npm-pick-manifest's changelog.

10.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

• npm-pick-manifest now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• dd83a53 #145 align to npm 10 node engine range (@​reggi)

Dependencies

• 6b4df8d #145 npm-package-arg@12.0.0
• c2ae5b7 #145 npm-normalize-package-bin@4.0.0
• e948cef #145 npm-install-checks@7.1.0

Chores

• 2e1fdb4 #145 run template-oss-apply (@​reggi)
• 7891f6b #140 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• ae2ffc5 #138 postinstall for dependabot template-oss PR (@​hashtagchris)
• 7744312 #138 bump @​npmcli/template-oss from 4.22.0 to 4.23.3 (@​dependabot[bot])

Commits

• f68698d chore: release 10.0.0 (#146)

[dependabot]

Superseded by #355.