deps: upgrade npm to 6.5.0

PR-URL: #24734
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>

deps/npm/.licensee.json

@@ -0,0 +1,9 @@
+{
+  "license": "(MIT OR BSD-2-Clause OR BSD-3-Clause OR Apache-2.0 OR ISC OR Unlicense OR CC-BY-3.0 OR CC0-1.0 OR Artistic-2.0)",
+  "whitelist": {
+    "config-chain": "1.1.12",
+    "cyclist": "0.2.2",
+    "json-schema": "0.2.3",
+    "qrcode-terminal": "0.12.0"
+  }
+}

deps/npm/.travis.yml

@@ -33,3 +33,4 @@ install:
   - "node . install"
 script:
   - "node . run tap -- \"test/tap/*.js\" \"test/broken-under-nyc/*.js\""
+  - "node . run licenses"

deps/npm/AUTHORS

@@ -601,3 +601,14 @@ SneakyFish5 <32284796+SneakyFish5@users.noreply.github.com>
 Nikki Everett <neverett@users.noreply.github.com>
 Erik Price <github@erikprice.net>
 Lars Willighagen <lars.willighagen@gmail.com>
+Kevin Gibbons <bakkot@gmail.com>
+Maarten Balliauw <maarten@balliauw.be>
+Mehdy Dara <mdara@eleven-labs.com>
+Robert Kielty <rob.kielty@gmail.com>
+Scott Trinh <scottyparade@gmail.com>
+Hugo <hugovk@users.noreply.github.com>
+Jacob <jakeincanada@icloud.com>
+Joe Bottigliero <joe@bottigliero.com>
+Nikolai Vavilov <vvnicholas@gmail.com>
+Kelvin Jin <kelvinjin@google.com>
+乱序 <midare@utakana.de>

deps/npm/CHANGELOG.md

@@ -1,3 +1,134 @@
+## v6.5.0 (2018-11-28):
+
+### NEW FEATURES
+
+* [`fc1a8d185`](https://github.com/npm/cli/commit/fc1a8d185fc678cdf3784d9df9eef9094e0b2dec)
+  Backronym `npm ci` to `npm clean-install`.
+  ([@zkat](https://github.com/zkat))
+* [`4be51a9cc`](https://github.com/npm/cli/commit/4be51a9cc65635bb26fa4ce62233f26e0104bc20)
+  [#81](https://github.com/npm/cli/pull/81)
+  Adds 'Homepage' to outdated --long output.
+  ([@jbottigliero](https://github.com/jbottigliero))
+
+### BUGFIXES
+
+* [`89652cb9b`](https://github.com/npm/cli/commit/89652cb9b810f929f5586fc90cc6794d076603fb)
+  [npm.community#1661](https://npm.community/t/https://npm.community/t/1661)
+  Fix sign-git-commit options. They were previously totally wrong.
+  ([@zkat](https://github.com/zkat))
+* [`414f2d1a1`](https://github.com/npm/cli/commit/414f2d1a1bdffc02ed31ebb48a43216f284c21d4)
+  [npm.community#1742](https://npm.community/t/npm-audit-making-non-rfc-compliant-requests-to-server-resulting-in-400-bad-request-pr-with-fix/1742)
+  Set lowercase headers for npm audit requests.
+  ([@maartenba](https://github.com/maartenba))
+* [`a34246baf`](https://github.com/npm/cli/commit/a34246bafe73218dc9e3090df9ee800451db2c7d)
+  [#75](https://github.com/npm/cli/pull/75)
+  Fix `npm edit` handling of scoped packages.
+  ([@larsgw](https://github.com/larsgw))
+* [`d3e8a7c72`](https://github.com/npm/cli/commit/d3e8a7c7240dd25379a5bcad324a367c58733c73)
+  [npm.community#2303](https://npm.community/t/npm-ci-logs-success-to-stderr/2303)
+  Make summary output for `npm ci` go to `stdout`, not `stderr`.
+  ([@alopezsanchez](https://github.com/alopezsanchez))
+* [`71d8fb4a9`](https://github.com/npm/cli/commit/71d8fb4a94d65e1855f6d0c5f2ad2b7c3202e3c4)
+  [npm.community#1377](https://npm.community/t/unhelpful-error-message-when-publishing-without-logging-in-error-eperm-operation-not-permitted-unlink/1377/3)
+  Close the file descriptor during publish if exiting upload via an error. This
+  will prevent strange error messages when the upload fails and make sure
+  cleanup happens correctly.
+  ([@macdja38](https://github.com/macdja38))
+
+### DOCS UPDATES
+
+* [`b1a8729c8`](https://github.com/npm/cli/commit/b1a8729c80175243fbbeecd164e9ddd378a09a50)
+  [#60](https://github.com/npm/cli/pull/60)
+  Mention --otp flag when prompting for OTP.
+  ([@bakkot](https://github.com/bakkot))
+* [`bcae4ea81`](https://github.com/npm/cli/commit/bcae4ea8173e489a76cc226bbd30dd9eabe21ec6)
+  [#64](https://github.com/npm/cli/pull/64)
+  Clarify that git dependencies use the default branch, not just `master`.
+  ([@zckrs](https://github.com/zckrs))
+* [`15da82690`](https://github.com/npm/cli/commit/15da8269032bf509ade3252978e934f2a61d4499)
+  [#72](https://github.com/npm/cli/pull/72)
+  `bash_completion.d` dir is sometimes found in `/etc` not `/usr/local`.
+  ([@RobertKielty](https://github.com/RobertKielty))
+* [`8a6ecc793`](https://github.com/npm/cli/commit/8a6ecc7936dae2f51638397ff5a1d35cccda5495)
+  [#74](https://github.com/npm/cli/pull/74)
+  Update OTP documentation for `dist-tag add` to clarify `--otp` is needed right
+  now.
+  ([@scotttrinh](https://github.com/scotttrinh))
+* [`dcc03ec85`](https://github.com/npm/cli/commit/dcc03ec858bddd7aa2173b5a86b55c1c2385a2a3)
+  [#82](https://github.com/npm/cli/pull/82)
+  Note that `prepare` runs when installing git dependencies.
+  ([@seishun](https://github.com/seishun))
+* [`a91a470b7`](https://github.com/npm/cli/commit/a91a470b71e08ccf6a75d4fb8c9937789fa8d067)
+  [#83](https://github.com/npm/cli/pull/83)
+  Specify that --dry-run isn't available in older versions of npm publish.
+  ([@kjin](https://github.com/kjin))
+* [`1b2fabcce`](https://github.com/npm/cli/commit/1b2fabccede37242233755961434c52536224de5)
+  [#96](https://github.com/npm/cli/pull/96)
+  Fix inline code tag issue in docs.
+  ([@midare](https://github.com/midare))
+* [`6cc70cc19`](https://github.com/npm/cli/commit/6cc70cc1977e58a3e1ea48e660ffc6b46b390e59)
+  [#68](https://github.com/npm/cli/pull/68)
+  Add semver link and a note on empty string format to `deprecate` doc.
+  ([@neverett](https://github.com/neverett))
+* [`61dbbb7c3`](https://github.com/npm/cli/commit/61dbbb7c3474834031bce88c423850047e8131dc)
+  Fix semver docs after version update.
+  ([@zkat](https://github.com/zkat))
+* [`4acd45a3d`](https://github.com/npm/cli/commit/4acd45a3d0ce92f9999446226fe7dfb89a90ba2e)
+  [#78](https://github.com/npm/cli/pull/78)
+  Correct spelling across various docs.
+  ([@hugovk](https://github.com/hugovk))
+
+### DEPENDENCIES
+
+* [`4f761283e`](https://github.com/npm/cli/commit/4f761283e8896d0ceb5934779005646463a030e8)
+  `figgy-pudding@3.5.1`
+  ([@zkat](https://github.com/zkat))
+* [`3706db0bc`](https://github.com/npm/cli/commit/3706db0bcbc306d167bb902362e7f6962f2fe1a1)
+  [npm.community#1764](https://npm.community/t/crash-invalid-config-key-requested-error/1764)
+  `ssri@6.0.1`
+  ([@zkat](https://github.com/zkat))
+* [`83c2b117d`](https://github.com/npm/cli/commit/83c2b117d0b760d0ea8d667e5e4bdfa6a7a7a8f6)
+  `bluebird@3.5.2`
+  ([@petkaantonov](https://github.com/petkaantonov))
+* [`2702f46bd`](https://github.com/npm/cli/commit/2702f46bd7284fb303ca2119d23c52536811d705)
+  `ci-info@1.5.1`
+  ([@watson](https://github.com/watson))
+* [`4db6c3898`](https://github.com/npm/cli/commit/4db6c3898b07100e3a324e4aae50c2fab4b93a04)
+  `config-chain@1.1.1`:2
+  ([@dawsbot](https://github.com/dawbot))
+* [`70bee4f69`](https://github.com/npm/cli/commit/70bee4f69bb4ce4e18c48582fe2b48d8b4aba566)
+  `glob@7.1.3`
+  ([@isaacs](https://github.com/isaacs))
+* [`e469fd6be`](https://github.com/npm/cli/commit/e469fd6be95333dcaa7cf377ca3620994ca8d0de)
+  `opener@1.5.1`:
+  Fix browser opening under Windows Subsystem for Linux (WSL).
+  ([@thijsputman](https://github.com/thijsputman))
+* [`03840dced`](https://github.com/npm/cli/commit/03840dced865abdca6e6449ea030962e5b19db0c)
+  `semver@5.5.1`
+  ([@iarna](https://github.com/iarna))
+* [`161dc0b41`](https://github.com/npm/cli/commit/161dc0b4177e76306a0e3b8660b3b496cc3db83b)
+  `bluebird@3.5.3`
+  ([@petkaantonov](https://github.com/petkaantonov))
+* [`bb6f94395`](https://github.com/npm/cli/commit/bb6f94395491576ec42996ff6665df225f6b4377)
+  `graceful-fs@4.1.1`:5
+  ([@isaacs](https://github.com/isaacs))
+* [`43b1f4c91`](https://github.com/npm/cli/commit/43b1f4c91fa1d7b3ebb6aa2d960085e5f3ac7607)
+  `tar@4.4.8`
+  ([@isaacs](https://github.com/isaacs))
+* [`ab62afcc4`](https://github.com/npm/cli/commit/ab62afcc472de82c479bf91f560a0bbd6a233c80)
+  `npm-packlist@1.1.1`:2
+  ([@isaacs](https://github.com/isaacs))
+* [`027f06be3`](https://github.com/npm/cli/commit/027f06be35bb09f390e46fcd2b8182539939d1f7)
+  `ci-info@1.6.0`
+  ([@watson](https://github.com/watson))
+
+### MISCELLANEOUS
+
+* [`27217dae8`](https://github.com/npm/cli/commit/27217dae8adbc577ee9cb323b7cfe9c6b2493aca)
+  [#70](https://github.com/npm/cli/pull/70)
+  Automatically audit dependency licenses for npm itself.
+  ([@kemitchell](https://github.com/kemitchell))
+
 ## v6.4.1 (2018-08-22):
 
 ### BUGFIXES
@@ -220,7 +351,7 @@ bumped due to bugs that had been around for a while.
   ([@zkat](https://github.com/zkat))
 * [`21cf0ab68`](https://github.com/npm/cli/commit/21cf0ab68cf528d5244ae664133ef400bdcfbdb6)
   [npm/cli#24](https://github.com/npm/cli/pull/24)
-  Use the defaut OTP explanation everywhere except when the context is
+  Use the default OTP explanation everywhere except when the context is
   "OTP-aware" (like when setting double-authentication). This improves the
   overall CLI messaging when prompting for an OTP code.
   ([@jdeniau](https://github.com/jdeniau))

deps/npm/changelogs/CHANGELOG-2.md

@@ -1,7 +1,7 @@
 ### v2.15.12 (2017-03-24):
 
 This version brings the latest `node-gyp` to a soon to be released Node.js
-4.x.  The `node-gyp` update is paticularly important to Windows folks due to
+4.x.  The `node-gyp` update is particularly important to Windows folks due to
 its addition of Visual Studio 2017 support.
 
 * [`cdd60e733`](https://github.com/npm/npm/commit/cdd60e733905a9994e1d6d832996bfdd12abeaee)
@@ -372,7 +372,7 @@ Node.js 0.10 and 0.12, it's unlikely that patches that rely on ES 2015
 functionality will land anytime soon.
 
 Looking forward, the team's current plan is to drop support for Node.js 0.10
-when its LTS maintenace window expires in October, 2016, and 0.12 when its
+when its LTS maintenance window expires in October, 2016, and 0.12 when its
 maintenance / LTS window ends at the end of 2016. We will also drop support for
 Node.js 5.x when Node.js 6 becomes LTS and Node.js 7 is released, also in the
 October-December 2016 timeframe.
@@ -1507,7 +1507,7 @@ change makes it do.
 
 We _think_ this is what everyone wants, but if this causes problems for you, we
 want to know! If it proves problematic for people we will consider reverting it
-(preferrably before this becomes `npm@latest`).
+(preferably before this becomes `npm@latest`).
 
 Previously, when you ran `npm install foo` we would act as if you typed `npm
 install foo@*`. Now, like any range-type specifier, in addition to matching the
@@ -2742,7 +2742,7 @@ NodeConf Adventure!
   ([@iarna](https://github.com/iarna))
 * [`e02e85d`](https://github.com/npm/npm/commit/e02e85d)
   `osenv@0.1.2`: Switches to using the `os-tmpdir` module instead of
-  `os.tmpdir()` for greate consistency in behavior between node versions.
+  `os.tmpdir()` for greater consistency in behavior between node versions.
   ([@iarna](https://github.com/iarna))
 * [`a6f0265`](https://github.com/npm/npm/commit/a6f0265)
   `ini@1.3.4` ([@isaacs](https://github.com/isaacs))
@@ -4588,7 +4588,7 @@ Other changes:
   ([@gfxmonk](https://github.com/gfxmonk))
 * [`989624e`](https://github.com/npm/npm/commit/989624e8321f87734c1b1272fc2f646e7af1f81c)
   [#6767](https://github.com/npm/npm/issues/6767) Actually pass parameters when
-  adding git repo to cach under Windows.
+  adding git repo to cache under Windows.
   ([@othiym23](https://github.com/othiym23))
 * [`657af73`](https://github.com/npm/npm/commit/657af7308f7d6cd2f81389fcf0d762252acaf1ce)
   [#6774](https://github.com/npm/npm/issues/6774) When verifying paths on

deps/npm/changelogs/CHANGELOG-3.md

@@ -2143,7 +2143,7 @@ This release includes an updated `node-gyp` with fixes for Android.
   ([@watilde](https://github.com/watilde))
 * [`47928cd`](https://github.com/npm/npm/commit/47928cd6264e1d6d0ef67435b71c66d01bea664a)
   [#11003](https://github.com/npm/npm/issues/11003)
-  Remove "verison" typo from the help listing.
+  Remove "version" typo from the help listing.
   ([@doug-wade](https://github.com/doug-wade))
 
 #### MORE COMPLETE CONFIG LISTINGS
@@ -3473,7 +3473,7 @@ Hey, you found the feature we added!
   folder with the same layout as global modules.  Only your direct
   dependencies will show in `node_modules` and everything they depend on
   will be flattened in their `node_modules` folders.  This obviously will
-  elminate some deduping.
+  eliminate some deduping.
   ([@iarna](https://github.com/iarna))
 
 #### TYPOS IN THE LICENSE, OH MY
@@ -3492,7 +3492,7 @@ this change makes it do.
 
 We _think_ this is what everyone wants, but if this causes problems for
 you, we want to know! If it proves problematic for people we will consider
-reverting it (preferrably before this becomes `npm@latest`).
+reverting it (preferably before this becomes `npm@latest`).
 
 Previously, when you ran `npm install foo` we would act as if you typed
 `npm install foo@*`. Now, like any range-type specifier, in addition to
@@ -4070,7 +4070,7 @@ in line with `npm@2`.
 
 * [`95ee92c`](https://github.com/npm/npm/commit/95ee92c)
   [#9433](https://github.com/npm/npm/issues/9433)
-  Give better error messages for invalid URLs in the dependecy
+  Give better error messages for invalid URLs in the dependency
   list.
   ([@jamietre](https://github.com/jamietre))
 

deps/npm/changelogs/CHANGELOG-4.md

@@ -296,7 +296,7 @@ Also there's maybe a bit of an easter egg in this release. 'Cause those are fun
 ### v4.4.1 (2017-03-06):
 
 This is a quick little patch release to forgo the update notification
-checker if you're on an unsuported (but not otherwise broken) version of
+checker if you're on an unsupported (but not otherwise broken) version of
 Node.js.  Right now that means 0.10 or 0.12.
 
 * [`56ac249`](https://github.com/npm/npm/commit/56ac249ef8ede1021f1bc62a0e4fe1e9ba556af2)
@@ -1434,7 +1434,7 @@ install`, and `prepublishOnly` will be removed, leaving `prepare` and
 
 * [`9b4a227`](https://github.com/npm/npm/commit/9b4a2278cee0a410a107c8ea4d11614731e0a943) [`bc32078`](https://github.com/npm/npm/commit/bc32078fa798acef0e036414cb448645f135b570)
   [#14290](https://github.com/npm/npm/pull/14290)
-  Add `prepare` and `prepublishOnly` lifecyle events.
+  Add `prepare` and `prepublishOnly` lifecycle events.
   ([@othiym23](https://github.com/othiym23))
 * [`52fdefd`](https://github.com/npm/npm/commit/52fdefddb48f0c39c6e8eb4c118eb306c9436117)
   [#14290](https://github.com/npm/npm/pull/14290)

deps/npm/changelogs/CHANGELOG-5.md

@@ -1285,7 +1285,7 @@ had been held by 1.3.16 since _December of 2013_.
 If you can't get enough of the bleeding edge, I encourage you to check out
 our canary release of npm. Get it with `npm install -g npmc`. It's going to
 be seeing some exciting stuff in the next couple of weeks, starting with a
-rewriten `npm dedupe`, but moving on to… well, you'll just have to wait and
+rewritten `npm dedupe`, but moving on to… well, you'll just have to wait and
 find out.
 
 ### PERFORMANCE
@@ -1911,7 +1911,7 @@ right? Here's what's bumping that number for us this time:
   ([@KennethKinLum](https://github.com/KennethKinLum))
 * [`c9b534a14`](https://github.com/npm/npm/commit/c9b534a148818d1a97787c0dfdba5f64ce3618a6)
   [#17074](https://github.com/npm/npm/pull/17074)
-  Clarify config documention with multiple boolean flags.
+  Clarify config documentation with multiple boolean flags.
   ([@KennethKinLum](https://github.com/KennethKinLum))
 * [`e111b0a40`](https://github.com/npm/npm/commit/e111b0a40c4bc6691d7b8d67ddce5419e67bfd27)
   [#16768](https://github.com/npm/npm/pull/16768)
@@ -2117,7 +2117,7 @@ added 234 packages in .005ms
   Fix a crash while installing with `--no-shrinkwrap`.
   ([@jacknagel](https://github.com/jacknagel))
 
-### DOC UPATES
+### DOC UPDATES
 
 * [`89e0cb816`](https://github.com/npm/npm/commit/89e0cb8165dd9c3c7ac74d531617f367099608f4)
   [#16818](https://github.com/npm/npm/pull/16818)

deps/npm/doc/cli/npm-ci.md

@@ -39,9 +39,10 @@ cache:
 
 This command is similar to `npm-install(1)`, except it's meant to be used in
 automated environments such as test platforms, continuous integration, and
-deployment. It can be significantly faster than a regular npm install by
-skipping certain user-oriented features. It is also more strict than a regular
-install, which can help catch errors or inconsistencies caused by the
+deployment -- or any situation where you want to make sure you're doing a clean
+install of your dependencies. It can be significantly faster than a regular npm
+install by skipping certain user-oriented features. It is also more strict than
+a regular install, which can help catch errors or inconsistencies caused by the
 incrementally-installed local environments of most npm users.
 
 In short, the main differences between using `npm install` and `npm ci` are:

deps/npm/doc/cli/npm-completion.md

@@ -17,9 +17,10 @@ everywhere:
     npm completion >> ~/.bashrc
     npm completion >> ~/.zshrc
 
-You may of course also pipe the output of npm completion to a file
-such as `/usr/local/etc/bash_completion.d/npm` if you have a system
-that will read that file for you.
+You may of course also pipe the output of `npm completion` to a file
+such as `/usr/local/etc/bash_completion.d/npm` or
+`/etc/bash_completion.d/npm` if you have a system that will read
+that file for you.
 
 When `COMP_CWORD`, `COMP_LINE`, and `COMP_POINT` are defined in the
 environment, `npm completion` acts in "plumbing mode", and outputs

deps/npm/doc/cli/npm-deprecate.md

@@ -10,15 +10,17 @@ npm-deprecate(1) -- Deprecate a version of a package
 This command will update the npm registry entry for a package, providing
 a deprecation warning to all who attempt to install it.
 
-It works on version ranges as well as specific versions, so you can do
-something like this:
+It works on [version ranges](https://semver.npmjs.com/) as well as specific
+versions, so you can do something like this:
 
     npm deprecate my-thing@"< 0.2.3" "critical bug fixed in v0.2.3"
 
 Note that you must be the package owner to deprecate something.  See the
 `owner` and `adduser` help topics.
 
-To un-deprecate a package, specify an empty string (`""`) for the `message` argument.
+To un-deprecate a package, specify an empty string (`""`) for the `message`
+argument. Note that you must use double quotes with no space between them to
+format an empty string.
 
 ## SEE ALSO
 

deps/npm/doc/cli/npm-dist-tag.md

@@ -15,9 +15,9 @@ Add, remove, and enumerate distribution tags on a package:
 
 * add:
   Tags the specified version of the package with the specified tag, or the
-  `--tag` config if not specified. If the tag you're adding is `latest` and you
-  have two-factor authentication on auth-and-writes then you'll need to include
-  an otp on the command line with `--otp`.
+  `--tag` config if not specified. If you have two-factor authentication on
+  auth-and-writes then you’ll need to include a one-time password on the
+  command line with `--otp <one-time password>`.
 
 * rm:
   Clear a tag that is no longer in use from the package.

deps/npm/doc/cli/npm-edit.md

@@ -3,12 +3,14 @@ npm-edit(1) -- Edit an installed package
 
 ## SYNOPSIS
 
-    npm edit <pkg>[@<version>]
+    npm edit <pkg>[/<subpkg>...]
 
 ## DESCRIPTION
 
-Opens the package folder in the default editor (or whatever you've
-configured as the npm `editor` config -- see `npm-config(7)`.)
+Selects a (sub)dependency in the current
+working directory and opens the package folder in the default editor
+(or whatever you've configured as the npm `editor` config -- see
+`npm-config(7)`.)
 
 After it has been edited, the package is rebuilt so as to pick up any
 changes in compiled packages.

deps/npm/doc/cli/npm-install.md

@@ -199,7 +199,7 @@ after packing it up into a tarball (b).
     be any valid semver range or exact version, and npm will look for any tags
     or refs matching that range in the remote repository, much as it would for a
     registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is
-    specified, then `master` is used.
+    specified, then the default branch of the repository is used.
 
     If the repository makes use of submodules, those submodules will be cloned
     as well.

deps/npm/doc/cli/npm-outdated.md

@@ -27,6 +27,7 @@ In the output:
 * `package type` (when using `--long` / `-l`) tells you whether this package is
   a `dependency` or a `devDependency`. Packages not included in `package.json`
   are always marked `dependencies`.
+* `homepage` (when using `--long` / `-l`) is the `homepage` value contained in the package's `package.json`
 * Red means there's a newer version matching your semver requirements, so you should update now.
 * Yellow indicates that there's a newer version above your semver requirements (usually new major, or new 0.x minor) so proceed with caution.