Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: upgrade npm to 6.4.1 #22591

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
17 changes: 17 additions & 0 deletions deps/npm/AUTHORS
Original file line number Diff line number Diff line change
Expand Up @@ -584,3 +584,20 @@ Geoffrey Mattie <info@geoffreymattie.com>
Luis Lobo Borobia <luislobo@gmail.com>
Aaron Tribou <tribou@users.noreply.github.com>
刘祺 <gucong@gmail.com>
Brad Johnson <bradsk88@gmail.com>
Artem Varaksa <aymfst@gmail.com>
Mary <Ipadlover8322@gmail.com>
Darryl Pogue <dvpdiner2@gmail.com>
Rick Schubert <rickschubert@gmx.de>
Daniel W <dwilches@gmail.com>
XhmikosR <xhmikosr@gmail.com>
Martin Kühl <mkhl@users.noreply.github.com>
Valentin Ouvrard <valentin210594@gmail.com>
Noah Benham <noahbenham@users.noreply.github.com>
Brian Olore <brian@olore.net>
Mat Warger <mwarger@gmail.com>
Federico Rampazzo <frampone@gmail.com>
SneakyFish5 <32284796+SneakyFish5@users.noreply.github.com>
Nikki Everett <neverett@users.noreply.github.com>
Erik Price <github@erikprice.net>
Lars Willighagen <lars.willighagen@gmail.com>
275 changes: 274 additions & 1 deletion deps/npm/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,275 @@
## v6.4.1 (2018-08-22):

### BUGFIXES

* [`4bd40f543`](https://github.com/npm/cli/commit/4bd40f543dc89f0721020e7d0bb3497300d74818)
[#42](https://github.com/npm/cli/pull/42)
Prevent blowing up on malformed responses from the `npm audit` endpoint, such
as with third-party registries.
([@framp](https://github.com/framp))
* [`0e576f0aa`](https://github.com/npm/cli/commit/0e576f0aa6ea02653d948c10f29102a2d4a31944)
[#46](https://github.com/npm/cli/pull/46)
Fix `NO_PROXY` support by renaming npm-side config to `--noproxy`. The
environment variable should still work.
([@SneakyFish5](https://github.com/SneakyFish5))
* [`d8e811d6a`](https://github.com/npm/cli/commit/d8e811d6adf3d87474982cb831c11316ac725605)
[#33](https://github.com/npm/cli/pull/33)
Disable `update-notifier` checks when a CI environment is detected.
([@Sibiraj-S](https://github.com/Sibiraj-S))
* [`1bc5b8cea`](https://github.com/npm/cli/commit/1bc5b8ceabc86bfe4777732f25ffef0f3de81bd1)
[#47](https://github.com/npm/cli/pull/47)
Fix issue where `postpack` scripts would break if `pack` was used with
`--dry-run`.
([@larsgw](https://github.com/larsgw))

### DEPENDENCY BUMPS

* [`4c57316d5`](https://github.com/npm/cli/commit/4c57316d5633e940105fa545b52d8fbfd2eb9f75)
`figgy-pudding@3.4.1`
([@zkat](https://github.com/zkat))
* [`85f4d7905`](https://github.com/npm/cli/commit/85f4d79059865d5267f3516b6cdbc746012202c6)
`cacache@11.2.0`
([@zkat](https://github.com/zkat))
* [`d20ac242a`](https://github.com/npm/cli/commit/d20ac242aeb44aa3581c65c052802a02d5eb22f3)
`npm-packlist@1.1.11`:
No real changes in npm-packlist, but npm-bundled included a
circular dependency fix, as well as adding a proper LICENSE file.
([@isaacs](https://github.com/isaacs))
* [`e8d5f4418`](https://github.com/npm/cli/commit/e8d5f441821553a31fc8cd751670663699d2c8ce)
[npm.community#632](https://npm.community/t/https://npm.community/t/using-npm-ci-does-not-run-prepare-script-for-git-modules/632)
`libcipm@2.0.2`:
Fixes issue where `npm ci` wasn't running the `prepare` lifecycle script when
installing git dependencies
([@edahlseng](https://github.com/edahlseng))
* [`a5e6f78e9`](https://github.com/npm/cli/commit/a5e6f78e916873f7d18639ebdb8abd20479615a9)
`JSONStream@1.3.4`:
Fixes memory leak problem when streaming large files (like legacy npm search).
([@daern91](https://github.com/daern91))
* [`3b940331d`](https://github.com/npm/cli/commit/3b940331dcccfa67f92366adb7ffd9ecf7673a9a)
[npm.community#1042](https://npm.community/t/3-path-variables-are-assigned-to-child-process-launched-by-npm/1042)
`npm-lifecycle@2.1.0`:
Fixes issue for Windows user where multiple `Path`/`PATH` variables were being
added to the environment and breaking things in all sorts of fun and
interesting ways.
([@JimiC](https://github.com/JimiC))
* [`d612d2ce8`](https://github.com/npm/cli/commit/d612d2ce8fab72026f344f125539ecbf3746af9a)
`npm-registry-client@8.6.0`
([@iarna](https://github.com/iarna))
* [`1f6ba1cb1`](https://github.com/npm/cli/commit/1f6ba1cb174590c1f5d2b00e2ca238dfa39d507a)
`opener@1.5.0`
([@domenic](https://github.com/domenic))
* [`37b8f405f`](https://github.com/npm/cli/commit/37b8f405f35c861b7beeed56f71ad20b0bf87889)
`request@2.88.0`
([@mikeal](https://github.com/mikeal))
* [`bb91a2a14`](https://github.com/npm/cli/commit/bb91a2a14562e77769057f1b6d06384be6d6bf7f)
`tacks@1.2.7`
([@iarna](https://github.com/iarna))
* [`30bc9900a`](https://github.com/npm/cli/commit/30bc9900ae79c80bf0bdee0ae6372da6f668124c)
`ci-info@1.4.0`:
Adds support for two more CI services
([@watson](https://github.com/watson))
* [`1d2fa4ddd`](https://github.com/npm/cli/commit/1d2fa4dddcab8facfee92096cc24b299387f3182)
`marked@0.5.0`
([@joshbruce](https://github.com/joshbruce))

### DOCUMENTATION

* [`08ecde292`](https://github.com/npm/cli/commit/08ecde2928f8c89a2fdaa800ae845103750b9327)
[#54](https://github.com/npm/cli/pull/54)
Mention registry terms of use in manpage and registry docs and update language
in README for it.
([@kemitchell](https://github.com/kemitchell))
* [`de956405d`](https://github.com/npm/cli/commit/de956405d8b72354f98579d00c6dd30ac3b9bddf)
[#41](https://github.com/npm/cli/pull/41)
Add documentation for `--dry-run` in `install` and `pack` docs.
([@reconbot](https://github.com/reconbot))
* [`95031b90c`](https://github.com/npm/cli/commit/95031b90ce0b0c4dcd5e4eafc86e3e5bfd59fb3e)
[#48](https://github.com/npm/cli/pull/48)
Update republish time and lightly reorganize republish info.
([@neverett](https://github.com/neverett))
* [`767699b68`](https://github.com/npm/cli/commit/767699b6829b8b899d5479445e99b0ffc43ff92d)
[#53](https://github.com/npm/cli/pull/53)
Correct `npm@6.4.0` release date in changelog.
([@charmander](https://github.com/charmander))
* [`3fea3166e`](https://github.com/npm/cli/commit/3fea3166eb4f43f574fcfd9ee71a171feea2bc29)
[#55](https://github.com/npm/cli/pull/55)
Align command descriptions in help text.
([@erik](https://github.com/erik))

## v6.4.0 (2018-08-09):

### NEW FEATURES

* [`6e9f04b0b`](https://github.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7)
[npm/cli#8](https://github.com/npm/cli/pull/8)
Search for authentication token defined by environment variables by preventing
the translation layer from env variable to npm option from breaking
`:_authToken`.
([@mkhl](https://github.com/mkhl))
* [`84bfd23e7`](https://github.com/npm/cli/commit/84bfd23e7d6434d30595594723a6e1976e84b022)
[npm/cli#35](https://github.com/npm/cli/pull/35)
Stop filtering out non-IPv4 addresses from `local-addrs`, making npm actually
use IPv6 addresses when it must.
([@valentin2105](https://github.com/valentin2105))
* [`792c8c709`](https://github.com/npm/cli/commit/792c8c709dc7a445687aa0c8cba5c50bc4ed83fd)
[npm/cli#31](https://github.com/npm/cli/pull/31)
configurable audit level for non-zero exit
`npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level.
Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found.
Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected.
([@lennym](https://github.com/lennym))

### BUGFIXES

* [`d81146181`](https://github.com/npm/cli/commit/d8114618137bb5b9a52a86711bb8dc18bfc8e60c)
[npm/cli#32](https://github.com/npm/cli/pull/32)
Don't check for updates to npm when we are updating npm itself.
([@olore](https://github.com/olore))

### DEPENDENCY UPDATES

A very special dependency update event! Since the [release of
`node-gyp@3.8.0`](https://github.com/nodejs/node-gyp/pull/1521), an awkward
version conflict that was preventing `request` from begin flattened was
resolved. This means two things:

1. We've cut down the npm tarball size by another 200kb, to 4.6MB
2. `npm audit` now shows no vulnerabilities for npm itself!

Thanks, [@rvagg](https://github.com/rvagg)!

* [`866d776c2`](https://github.com/npm/cli/commit/866d776c27f80a71309389aaab42825b2a0916f6)
`request@2.87.0`
([@simov](https://github.com/simov))
* [`f861c2b57`](https://github.com/npm/cli/commit/f861c2b579a9d4feae1653222afcefdd4f0e978f)
`node-gyp@3.8.0`
([@rvagg](https://github.com/rvagg))
* [`32e6947c6`](https://github.com/npm/cli/commit/32e6947c60db865257a0ebc2f7e754fedf7a6fc9)
[npm/cli#39](https://github.com/npm/cli/pull/39)
`colors@1.1.2`:
REVERT REVERT, newer versions of this library are broken and print ansi
codes even when disabled.
([@iarna](https://github.com/iarna))
* [`beb96b92c`](https://github.com/npm/cli/commit/beb96b92caf061611e3faafc7ca10e77084ec335)
`libcipm@2.0.1`
([@zkat](https://github.com/zkat))
* [`348fc91ad`](https://github.com/npm/cli/commit/348fc91ad223ff91cd7bcf233018ea1d979a2af1)
`validate-npm-package-license@3.0.4`: Fixes errors with empty or string-only
license fields.
([@Gudahtt](https://github.com/Gudahtt))
* [`e57d34575`](https://github.com/npm/cli/commit/e57d3457547ef464828fc6f82ae4750f3e511550)
`iferr@1.0.2`
([@shesek](https://github.com/shesek))
* [`46f1c6ad4`](https://github.com/npm/cli/commit/46f1c6ad4b2fd5b0d7ec879b76b76a70a3a2595c)
`tar@4.4.6`
([@isaacs](https://github.com/isaacs))
* [`50df1bf69`](https://github.com/npm/cli/commit/50df1bf691e205b9f13e0fff0d51a68772c40561)
`hosted-git-info@2.7.1`
([@iarna](https://github.com/iarna))
([@Erveon](https://github.com/Erveon))
([@huochunpeng](https://github.com/huochunpeng))

### DOCUMENTATION

* [`af98e76ed`](https://github.com/npm/cli/commit/af98e76ed96af780b544962aa575585b3fa17b9a)
[npm/cli#34](https://github.com/npm/cli/pull/34)
Remove `npm publish` from list of commands not affected by `--dry-run`.
([@joebowbeer](https://github.com/joebowbeer))
* [`e2b0f0921`](https://github.com/npm/cli/commit/e2b0f092193c08c00f12a6168ad2bd9d6e16f8ce)
[npm/cli#36](https://github.com/npm/cli/pull/36)
Tweak formatting in repository field examples.
([@noahbenham](https://github.com/noahbenham))
* [`e2346e770`](https://github.com/npm/cli/commit/e2346e7702acccefe6d711168c2b0e0e272e194a)
[npm/cli#14](https://github.com/npm/cli/pull/14)
Used `process.env` examples to make accessing certain `npm run-scripts`
environment variables more clear.
([@mwarger](https://github.com/mwarger))

## v6.3.0 (2018-08-01):

This is basically the same as the prerelease, but two dependencies have been
bumped due to bugs that had been around for a while.

* [`0a22be42e`](https://github.com/npm/cli/commit/0a22be42eb0d40cd0bd87e68c9e28fc9d72c0e19)
`figgy-pudding@3.2.0`
([@zkat](https://github.com/zkat))
* [`0096f6997`](https://github.com/npm/cli/commit/0096f69978d2f40b170b28096f269b0b0008a692)
`cacache@11.1.0`
([@zkat](https://github.com/zkat))

## v6.3.0-next.0 (2018-07-25):

### NEW FEATURES

* [`ad0dd226f`](https://github.com/npm/cli/commit/ad0dd226fb97a33dcf41787ae7ff282803fb66f2)
[npm/cli#26](https://github.com/npm/cli/pull/26)
`npm version` now supports a `--preid` option to specify the preid for
prereleases. For example, `npm version premajor --preid rc` will tag a version
like `2.0.0-rc.0`.
([@dwilches](https://github.com/dwilches))

### MESSAGING IMPROVEMENTS

* [`c1dad1e99`](https://github.com/npm/cli/commit/c1dad1e994827f2eab7a13c0f6454f4e4c22ebc2)
[npm/cli#6](https://github.com/npm/cli/pull/6)
Make `npm audit fix` message provide better instructions for vulnerabilities
that require manual review.
([@bradsk88](https://github.com/bradsk88))
* [`15c1130fe`](https://github.com/npm/cli/commit/15c1130fe81961706667d845aad7a5a1f70369f3)
Fix missing colon next to tarball url in new `npm view` output.
([@zkat](https://github.com/zkat))
* [`21cf0ab68`](https://github.com/npm/cli/commit/21cf0ab68cf528d5244ae664133ef400bdcfbdb6)
[npm/cli#24](https://github.com/npm/cli/pull/24)
Use the defaut OTP explanation everywhere except when the context is
"OTP-aware" (like when setting double-authentication). This improves the
overall CLI messaging when prompting for an OTP code.
([@jdeniau](https://github.com/jdeniau))

### MISC

* [`a9ac8712d`](https://github.com/npm/cli/commit/a9ac8712dfafcb31a4e3deca24ddb92ff75e942d)
[npm/cli#21](https://github.com/npm/cli/pull/21)
Use the extracted `stringify-package` package.
([@dpogue](https://github.com/dpogue))
* [`9db15408c`](https://github.com/npm/cli/commit/9db15408c60be788667cafc787116555507dc433)
[npm/cli#27](https://github.com/npm/cli/pull/27)
`wrappy` was previously added to dependencies in order to flatten it, but we
no longer do legacy-style for npm itself, so it has been removed from
`package.json`.
([@rickschubert](https://github.com/rickschubert))

### DOCUMENTATION

* [`3242baf08`](https://github.com/npm/cli/commit/3242baf0880d1cdc0e20b546d3c1da952e474444)
[npm/cli#13](https://github.com/npm/cli/pull/13)
Update more dead links in README.md.
([@u32i64](https://github.com/u32i64))
* [`06580877b`](https://github.com/npm/cli/commit/06580877b6023643ec780c19d84fbe120fe5425c)
[npm/cli#19](https://github.com/npm/cli/pull/19)
Update links in docs' `index.html` to refer to new bug/PR URLs.
([@watilde](https://github.com/watilde))
* [`ca03013c2`](https://github.com/npm/cli/commit/ca03013c23ff38e12902e9569a61265c2d613738)
[npm/cli#15](https://github.com/npm/cli/pull/15)
Fix some typos in file-specifiers docs.
([@Mstrodl](https://github.com/Mstrodl))
* [`4f39f79bc`](https://github.com/npm/cli/commit/4f39f79bcacef11bf2f98d09730bc94d0379789b)
[npm/cli#16](https://github.com/npm/cli/pull/16)
Fix some typos in file-specifiers and package-lock docs.
([@watilde](https://github.com/watilde))
* [`35e51f79d`](https://github.com/npm/cli/commit/35e51f79d1a285964aad44f550811aa9f9a72cd8)
[npm/cli#18](https://github.com/npm/cli/pull/18)
Update build status badge url in README.
([@watilde](https://github.com/watilde))
* [`a67db5607`](https://github.com/npm/cli/commit/a67db5607ba2052b4ea44f66657f98b758fb4786)
[npm/cli#17](https://github.com/npm/cli/pull/17/)
Replace TROUBLESHOOTING.md with [posts in
npm.community](https://npm.community/c/support/troubleshooting).
([@watilde](https://github.com/watilde))
* [`e115f9de6`](https://github.com/npm/cli/commit/e115f9de65bf53711266152fc715a5012f7d3462)
[npm/cli#7](https://github.com/npm/cli/pull/7)
Use https URLs in documentation when appropriate. Happy [Not Secure Day](https://arstechnica.com/gadgets/2018/07/todays-the-day-that-chrome-brands-plain-old-http-as-not-secure/)!
([@XhmikosR](https://github.com/XhmikosR))

## v6.2.0 (2018-07-13):

In case you missed it, [we
Expand All @@ -13,7 +285,8 @@ quite ready on time but that we'd still like to include. Enjoy!

* [`244b18380`](https://github.com/npm/npm/commit/244b18380ee55950b13c293722771130dbad70de)
[#20554](https://github.com/npm/npm/pull/20554)
add support for --parseable output
Add support for tab-separated output for `npm audit` data with the
`--parseable` flag.
([@luislobo](https://github.com/luislobo))
* [`7984206e2`](https://github.com/npm/npm/commit/7984206e2f41b8d8361229cde88d68f0c96ed0b8)
[#12697](https://github.com/npm/npm/pull/12697)
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ This includes anyone who may show up to the npm/npm repo with issues, PRs, comme
* Comment on issues when they have a reference to the answer.
* If community members aren't sure they are correct and don't have a reference to the answer, please leave the issue and try another one.
* Defer to collaborators and npm employees for answers.
* Make sure to search for [the troubleshooting doc](./TROUBLESHOOTING.md) and search on the issue tracker for similar issues before opening a new one.
* Make sure to search for [the troubleshooting posts on npm.community](https://npm.community/c/support/troubleshooting) and search on the issue tracker for similar issues before opening a new one.
* Any users with urgent support needs are welcome to email support@npmjs.com, and our dedicated support team will be happy to help.

PLEASE don't @ collaborators or npm employees on issues. The CLI team is small, and has many outstanding commitments to fulfill.
Expand Down
13 changes: 5 additions & 8 deletions deps/npm/README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
npm(1) -- a JavaScript package manager
==============================

[![Build Status](https://img.shields.io/travis/npm/npm/latest.svg)](https://travis-ci.org/npm/npm)
[![Build Status](https://img.shields.io/travis/npm/cli/latest.svg)](https://travis-ci.org/npm/cli)

## SYNOPSIS

Expand All @@ -16,17 +16,14 @@ Much more info will be available via `npm help` once it's installed.
To install an old **and unsupported** version of npm that works on node v5
and prior, clone the git repo and dig through the old tags and branches.

**npm is configured to use npm, Inc.'s public package registry at
<https://registry.npmjs.org> by default.**
**npm is configured to use npm, Inc.'s public registry at
<https://registry.npmjs.org> by default.** Use of the npm public registry
is subject to terms of use available at <https://www.npmjs.com/policies/terms>.

You can configure npm to use any compatible registry you
like, and even run your own registry. Check out the [doc on
registries](https://docs.npmjs.com/misc/registry).

Use of someone else's registry may be governed by terms of use. The
terms of use for the default public registry are available at
<https://www.npmjs.com>.

## Super Easy Install

npm is bundled with [node](https://nodejs.org/en/download/).
Expand Down Expand Up @@ -88,7 +85,7 @@ experience if you run a recent version of npm. To upgrade, either use [Microsoft
upgrade tool](https://github.com/felixrieseberg/npm-windows-upgrade),
[download a new version of Node](https://nodejs.org/en/download/),
or follow the Windows upgrade instructions in the
[npm Troubleshooting Guide](./TROUBLESHOOTING.md).
[Installing/upgrading npm](https://npm.community/t/installing-upgrading-npm/251/2) post.

If that's not fancy enough for you, then you can fetch the code with
git, and mess with it directly.
Expand Down
7 changes: 6 additions & 1 deletion deps/npm/bin/npm-cli.js
Original file line number Diff line number Diff line change
Expand Up @@ -69,20 +69,25 @@
npm.command = 'help'
}

var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')

// now actually fire up npm and run the command.
// this is how to use npm programmatically:
conf._exit = true
npm.load(conf, function (er) {
if (er) return errorHandler(er)
if (
!isGlobalNpmUpdate &&
npm.config.get('update-notifier') &&
!unsupported.checkVersion(process.version).unsupported
) {
const pkg = require('../package.json')
let notifier = require('update-notifier')({pkg})
const isCI = require('ci-info').isCI
if (
notifier.update &&
notifier.update.latest !== pkg.version
notifier.update.latest !== pkg.version &&
!isCI
) {
const color = require('ansicolors')
const useColor = npm.config.get('color')
Expand Down
4 changes: 2 additions & 2 deletions deps/npm/doc/cli/npm-hook.md
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ $ npm hook rm id-deadbeef
## DESCRIPTION

Allows you to manage [npm
hooks](http://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm),
hooks](https://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm),
including adding, removing, listing, and updating.

Hooks allow you to configure URL endpoints that will be notified whenever a
Expand All @@ -69,4 +69,4 @@ request came from your own configured hook.

## SEE ALSO

* ["Introducing Hooks" blog post](http://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm)
* ["Introducing Hooks" blog post](https://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm)
Loading